x-kom hosting

[Rozwiązane] Usuniecie konia trojanskiego

maryjanek
utworzono
utworzono (edytowane)

Witam, ostatnio na facebooku ludzie zaczli wysylac na tablice sobie napisy "patrz twoje foty *link*" pod linkiem, kryje sie plik, ktory sie pobiera, my mamy go na pulpicie, dajemy uruchom i magicznie plik znika z pulpitu i w procesach nic nie ma (a nazwa pliku to byla cos w stylu "yoursexphotos.exe"). Dzien jest spokoj, a nastepnego dnia, moj AVG wykrywa mi konia trojanskiego w pliku sacu.exe, wirus nazywal sie sheur4.axdt. Pobralem Kasperskiego, usunalem AVG, zainstalowalem Kasperskiego, zaktualizowalem go i potem sam wykryl wirusa, usunal go, komputer zalaczyl sie na nowo. Nastepnie przeskanowalem nim caly komputer i nic nie znalazl, wiec go usunalem i znowu zainstalowalem AVG, ale pomylilem sie i mam wersje testowa jeszcze przez 29 dni, zamiast zwyklej darmowej. Przeskanowalem komputer OTL tak jak pisano na forum, zalaczam logi:

OTL.txt
[log]OTL logfile created on: 2012-12-26 19:57:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 61,83% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 6,04 Gb Free Space | 17,32% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 12,56 Gb Free Space | 31,75% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2012-12-25 19:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgui.exe
PRC - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgidsagent.exe
PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgwdsvc.exe
PRC - [2012-10-10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
MOD - [2012-11-14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
MOD - [2012-11-14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2012-11-14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2012-11-14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2012-11-14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
MOD - [2012-11-14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgui.exe
MOD - [2012-11-06 00:11:52 | 002,606,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgkrnlapix.dll
MOD - [2012-10-29 03:38:18 | 001,001,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgcfgx.dll
MOD - [2012-10-22 13:04:38 | 002,024,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avguires.dll
MOD - [2012-10-22 13:04:36 | 000,025,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgapps.dll
MOD - [2012-10-22 13:04:16 | 000,797,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgsysx.dll
MOD - [2012-10-22 13:04:12 | 000,862,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgntopensslx.dll
MOD - [2012-10-22 13:04:10 | 000,311,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avglogx.dll
MOD - [2012-10-22 13:04:10 | 000,177,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avglngx.dll
MOD - [2012-10-22 13:04:08 | 000,481,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgcommx.dll
MOD - [2012-10-22 13:04:08 | 000,403,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgdecider.dll
MOD - [2012-10-22 13:04:04 | 000,348,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgidpmx.dll
MOD - [2012-10-22 13:03:44 | 000,279,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgclitx.dll
MOD - [2012-10-09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2012-10-04 17:47:41 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2012-10-04 17:47:40 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2012-08-24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2012-06-02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2012-06-02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2012-06-02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2012-05-05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2012-03-03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2012-01-04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2011-12-31 12:25:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2011-12-16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011-11-17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2011-08-27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2011-08-27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2011-06-11 01:58:52 | 004,422,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc100u.dll
MOD - [2011-06-11 01:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100.dll
MOD - [2011-06-11 01:58:52 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp100.dll
MOD - [2011-06-11 01:58:52 | 000,055,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc100enu.dll
MOD - [2011-05-24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011-05-24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2011-05-03 05:30:02 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inetcomm.dll
MOD - [2011-03-03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2011-02-19 07:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2011-01-17 06:47:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
MOD - [2010-11-20 04:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2010-11-20 04:21:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010-11-20 04:21:38 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010-11-20 04:21:38 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2010-11-20 04:21:38 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010-11-20 04:21:36 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010-11-20 04:21:34 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2010-11-20 04:21:28 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2010-11-20 04:21:28 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\t2embed.dll
MOD - [2010-11-20 04:21:28 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2010-11-20 04:21:26 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010-11-20 04:21:20 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010-11-20 04:21:16 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010-11-20 04:21:16 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2010-11-20 04:21:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010-11-20 04:21:04 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2010-11-20 04:21:04 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2010-11-20 04:20:58 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010-11-20 04:20:50 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-11-20 04:20:50 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010-11-20 04:20:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010-11-20 04:19:46 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2010-11-20 04:19:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2010-11-20 04:18:38 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2010-11-20 04:18:26 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
MOD - [2010-11-20 04:18:26 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2010-11-20 04:18:24 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010-11-20 04:18:04 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2010-11-20 04:18:04 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2010-11-20 04:16:52 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010-11-20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010-11-20 04:08:58 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2010-11-20 04:08:52 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2010-11-20 04:08:52 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010-11-20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 02:15:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msoert2.dll
MOD - [2009-07-14 02:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimtf.dll
MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009-07-14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009-07-14 02:06:08 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\INETRES.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-12-25 19:42:38 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-10-10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-20 13:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-01-30 21:56:34 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012-10-05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2012-06-11 10:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-29 13:17:55 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-11-15 04:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2011-07-08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-08-12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010-02-25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-07-29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012-01-21 15:38:29 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]
IE - HKLM\..\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}: "URL" = [url="http://startsear.ch/?aff=2&src=sp&cf=20fc24d1-ea20-11e1-9543-00241da4ea74&q=%7BsearchTerms%7D"]http://startsear.ch/...q={searchTerms}[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope = {B95BEC67-55A1-4549-B178-31626D0A5B8D}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.v9.com/web/?q=%7BsearchTerms%7D"]http://search.v9.com...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = [url="http://search.v9.com/web/?q=%7BsearchTerms%7D"]http://search.v9.com...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{8CF4B1EF-207D-4F90-9C30-6B4A6A62AC7B}: "URL" = [url="http://www.google.com/search?hl=pl&q=%7BsearchTerms%7D"]http://www.google.co...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}: "URL" = [url="http://startsear.ch/?aff=2&src=sp&cf=20fc24d1-ea20-11e1-9543-00241da4ea74&q=%7BsearchTerms%7D"]http://startsear.ch/...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{C55A7213-2DC5-49D5-93E7-76F4DA773C1C}: "URL" = [url="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p=%7BsearchTerms%7D"]http://search.yahoo....p={searchTerms}[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{C68C8B56-22CC-4B7A-8BB3-5ACF9DF123DE}: "URL" = [url="http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q=%7BsearchTerms%7D&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYPL&apn_uid=462787a4-407d-46ba-beab-8add975724f3&apn_sauid=10B7BCE9-3055-412D-A3F4-314027C0F8C3"]http://websearch.ask...F4-314027C0F8C3[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "error"
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl/firefox"
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "error"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2012-12-06 15:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2012-12-06 15:16:08 | 000,000,000 | ---D | M]

[2012-04-10 10:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2012-12-15 12:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\ypbnexiu.default\extensions
[2012-12-15 12:00:49 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = [url="http://search.v9.com/web/?q=%7BsearchTerms%7D"]http://search.v9.com...q={searchTerms}[/url]
CHR - default_search_provider: suggest_url = ,
CHR - homepage: [url="http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WCAHL2555076&ts=1347112262"]http://www.v9.com/?u...6&ts=1347112262[/url]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Programy\Adobe Reader X\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Windows\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: StartSearch Video plug-in = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\
CHR - Extension: YouTube = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LiveVDO plugin = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\
CHR - Extension: Gmail = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] D:\Programy\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [360Amigo] D:\Programy\360Amigo\360Amigo.exe (360 Amigo)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.m...ent/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D268F165-161E-46FD-B7EB-1ECA4DBD1455}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-12-26 19:47:55 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\AVG2013
[2012-12-26 19:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-12-26 19:46:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-12-26 19:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012-12-26 18:22:12 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Avg2013
[2012-12-26 18:04:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012-12-26 13:51:34 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\FLiNGTrainer
[2012-12-25 20:03:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\PunkBuster
[2012-12-25 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\Ubisoft
[2012-12-25 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-12-19 18:28:45 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Ubisoft Game Launcher
[2012-12-19 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-12-17 20:09:43 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\SniperV2
[2012-12-17 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\SKIDROW
[2012-12-17 16:25:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-12-09 15:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012-11-28 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-11-28 20:46:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-11-28 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\MFAData
[2012-11-28 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-11-27 16:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-11-26 15:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2012-11-25 17:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012-11-25 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-11-25 17:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-11-25 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012-11-25 17:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012-11-25 17:16:35 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2012-11-25 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012-11-25 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012-11-25 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012-11-25 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012-11-24 20:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LiveVDO plugin
[2012-11-19 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-11-16 21:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012-11-16 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012-11-09 19:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012-11-09 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012-11-03 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\DMCache

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-12-26 19:49:54 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-26 19:49:54 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-26 19:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-26 19:27:20 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000UA.job
[2012-12-26 18:35:38 | 001,662,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-12-26 18:35:38 | 000,737,730 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-12-26 18:35:38 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-12-26 18:35:38 | 000,154,418 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-12-26 18:35:38 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-12-26 18:08:32 | 000,012,904 | ---- | M] () -- C:\Users\Windows\Desktop\bookmarks-2012-12-26.json
[2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012-12-26 17:27:15 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000Core.job
[2012-12-26 15:29:51 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-12-26 15:29:51 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-12-26 13:51:13 | 000,558,252 | ---- | M] () -- C:\Users\Windows\Desktop\Ghost Recon Future Soldier - trainer+12.rar
[2012-12-26 13:09:58 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-12-25 20:01:55 | 000,000,665 | ---- | M] () -- C:\Users\Windows\Desktop\Future Soldier — skrót.lnk
[2012-12-25 19:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-12-22 15:42:47 | 006,874,007 | ---- | M] () -- C:\Users\Windows\Desktop\Jingle Bells - Official 2012_2013 Techno Remix -.mp3
[2012-12-22 15:41:04 | 000,056,832 | ---- | M] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-22 11:04:26 | 000,417,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-12-19 19:08:41 | 010,655,755 | ---- | M] () -- C:\Users\Windows\Desktop\Taio Cruz-Fast car (8 Barz Remix).mp3
[2012-12-19 18:57:00 | 006,497,437 | ---- | M] () -- C:\Users\Windows\Desktop\Michael Mind Project Feat. Dante Thomas - Nothing Lasts Forever (Radio Edit) (CDQ) ( 2o12 ).mp3
[2012-12-12 19:38:37 | 003,242,944 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark-Broadway (Da Brozz Remix).mp3
[2012-12-11 16:16:33 | 006,945,181 | ---- | M] () -- C:\Users\Windows\Desktop\Let's Go Project - Yeke Yeke ( Kuba S & Fisher Remix ).mp3
[2012-12-11 16:06:07 | 008,560,768 | ---- | M] () -- C:\Users\Windows\Desktop\Kalwi & Remi feat. Nadia Gattas - Africa (Radio Edit) (www.djoles.pl).mp3
[2012-12-11 16:04:27 | 005,601,181 | ---- | M] () -- C:\Users\Windows\Desktop\Tacabro - ASI ASI (Original Mix) HD.mp3
[2012-12-02 20:26:58 | 007,803,504 | ---- | M] () -- C:\Users\Windows\Desktop\Avicii-Last Dance.mp3
[2012-12-02 20:24:54 | 008,613,137 | ---- | M] () -- C:\Users\Windows\Desktop\Cascada-The rhythm of the night (Cardinal Edit).mp3
[2012-12-02 20:22:23 | 007,490,971 | ---- | M] () -- C:\Users\Windows\Desktop\Glamrock Brothers-Push the feeling on 2k12.mp3
[2012-12-02 20:20:45 | 007,551,627 | ---- | M] () -- C:\Users\Windows\Desktop\Tiesto ft. Allure-Pair of dice.mp3
[2012-12-01 16:08:49 | 008,403,068 | ---- | M] () -- C:\Users\Windows\Desktop\GrooveBusterz ft. Slayback-U&I.mp3
[2012-11-28 20:41:44 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012-11-27 19:39:18 | 006,855,660 | ---- | M] () -- C:\Users\Windows\Desktop\Remady & Manu-Higher ground.mp3
[2012-11-23 16:31:30 | 000,007,597 | ---- | M] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-17 12:30:06 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012-11-16 21:08:00 | 000,000,391 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-11-09 20:07:18 | 003,338,325 | ---- | M] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Carlprit-Do it all night.mp3
[2012-11-09 20:05:21 | 007,951,476 | ---- | M] () -- C:\Users\Windows\Desktop\Danceboy vs. Cary August-Drive by (Thomas Remix).mp3
[2012-11-09 19:54:59 | 008,193,181 | ---- | M] () -- C:\Users\Windows\Desktop\Daisy Hicks-Electric love.mp3
[2012-11-09 19:46:14 | 008,050,385 | ---- | M] () -- C:\Users\Windows\Desktop\Manuel Lauren-DJ Aflame.mp3
[2012-11-09 19:43:42 | 003,278,264 | ---- | M] () -- C:\Users\Windows\Desktop\Heads Will Roll-Yeah 3X (A-Trak Remix).mp3
[2012-11-09 19:36:17 | 008,070,877 | ---- | M] () -- C:\Users\Windows\Desktop\Remady & Manu ft. Amanda Wilson-Doing it right.mp3
[2012-11-09 19:27:43 | 009,412,233 | ---- | M] () -- C:\Users\Windows\Desktop\Carlprit-Fiesta (Michael Mind Project Edit).mp3
[2012-11-09 19:24:27 | 008,252,987 | ---- | M] () -- C:\Users\Windows\Desktop\Alexandra Shine-Play that game (Stephan F Remix).mp3

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-26 18:08:32 | 000,012,904 | ---- | C] () -- C:\Users\Windows\Desktop\bookmarks-2012-12-26.json
[2012-12-26 13:51:12 | 000,558,252 | ---- | C] () -- C:\Users\Windows\Desktop\Ghost Recon Future Soldier - trainer+12.rar
[2012-12-25 20:03:32 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-12-25 20:01:55 | 000,000,665 | ---- | C] () -- C:\Users\Windows\Desktop\Future Soldier — skrót.lnk
[2012-12-25 19:19:11 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-12-25 19:19:11 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-12-25 19:19:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-12-22 15:42:27 | 006,874,007 | ---- | C] () -- C:\Users\Windows\Desktop\Jingle Bells - Official 2012_2013 Techno Remix -.mp3
[2012-12-19 19:08:09 | 010,655,755 | ---- | C] () -- C:\Users\Windows\Desktop\Taio Cruz-Fast car (8 Barz Remix).mp3
[2012-12-19 18:56:45 | 006,497,437 | ---- | C] () -- C:\Users\Windows\Desktop\Michael Mind Project Feat. Dante Thomas - Nothing Lasts Forever (Radio Edit) (CDQ) ( 2o12 ).mp3
[2012-12-12 19:38:36 | 003,242,944 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark-Broadway (Da Brozz Remix).mp3
[2012-12-11 16:16:19 | 006,945,181 | ---- | C] () -- C:\Users\Windows\Desktop\Let's Go Project - Yeke Yeke ( Kuba S & Fisher Remix ).mp3
[2012-12-11 16:06:02 | 008,560,768 | ---- | C] () -- C:\Users\Windows\Desktop\Kalwi & Remi feat. Nadia Gattas - Africa (Radio Edit) (www.djoles.pl).mp3
[2012-12-11 16:04:15 | 005,601,181 | ---- | C] () -- C:\Users\Windows\Desktop\Tacabro - ASI ASI (Original Mix) HD.mp3
[2012-12-02 20:26:58 | 007,803,504 | ---- | C] () -- C:\Users\Windows\Desktop\Avicii-Last Dance.mp3
[2012-12-02 20:24:53 | 008,613,137 | ---- | C] () -- C:\Users\Windows\Desktop\Cascada-The rhythm of the night (Cardinal Edit).mp3
[2012-12-02 20:22:23 | 007,490,971 | ---- | C] () -- C:\Users\Windows\Desktop\Glamrock Brothers-Push the feeling on 2k12.mp3
[2012-12-02 20:20:38 | 007,551,627 | ---- | C] () -- C:\Users\Windows\Desktop\Tiesto ft. Allure-Pair of dice.mp3
[2012-12-01 16:08:38 | 008,403,068 | ---- | C] () -- C:\Users\Windows\Desktop\GrooveBusterz ft. Slayback-U&I.mp3
[2012-11-27 19:39:06 | 006,855,660 | ---- | C] () -- C:\Users\Windows\Desktop\Remady & Manu-Higher ground.mp3
[2012-11-23 16:31:30 | 000,007,597 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-17 11:50:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 11:33:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-16 21:35:04 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-11-09 20:07:18 | 003,338,325 | ---- | C] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Carlprit-Do it all night.mp3
[2012-11-09 20:05:20 | 007,951,476 | ---- | C] () -- C:\Users\Windows\Desktop\Danceboy vs. Cary August-Drive by (Thomas Remix).mp3
[2012-11-09 19:54:41 | 008,193,181 | ---- | C] () -- C:\Users\Windows\Desktop\Daisy Hicks-Electric love.mp3
[2012-11-09 19:46:13 | 008,050,385 | ---- | C] () -- C:\Users\Windows\Desktop\Manuel Lauren-DJ Aflame.mp3
[2012-11-09 19:43:15 | 003,278,264 | ---- | C] () -- C:\Users\Windows\Desktop\Heads Will Roll-Yeah 3X (A-Trak Remix).mp3
[2012-11-09 19:36:15 | 008,070,877 | ---- | C] () -- C:\Users\Windows\Desktop\Remady & Manu ft. Amanda Wilson-Doing it right.mp3
[2012-11-09 19:27:42 | 009,412,233 | ---- | C] () -- C:\Users\Windows\Desktop\Carlprit-Fiesta (Michael Mind Project Edit).mp3
[2012-11-09 19:24:20 | 008,252,987 | ---- | C] () -- C:\Users\Windows\Desktop\Alexandra Shine-Play that game (Stephan F Remix).mp3
[2012-08-14 15:04:18 | 000,000,391 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-07-27 10:13:54 | 000,001,758 | ---- | C] () -- C:\Users\Windows\AppData\Local\recently-used.xbel
[2012-07-01 10:51:01 | 000,000,001 | ---- | C] () -- C:\Users\Windows\AppData\Local\llftool.4.12.agreement
[2012-06-21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-01-30 21:56:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-01-29 19:10:49 | 000,001,749 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012-01-29 11:13:12 | 000,056,832 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-29 13:04:08 | 001,637,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-28 22:35:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-09 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-17 16:18:32 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AIMP3
[2012-02-07 19:13:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AnvSoft
[2012-12-26 19:47:55 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AVG2013
[2012-12-25 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
[2012-05-14 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canneverbe Limited
[2012-01-14 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ChomikBox
[2012-02-11 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2012-11-03 11:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DMCache
[2012-08-14 15:00:58 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DVDVideoSoft
[2011-12-29 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gadu-Gadu 10
[2012-05-06 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2012-01-05 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2012-02-18 15:07:34 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ipla
[2012-09-28 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Nokia
[2012-10-24 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Notepad++
[2012-09-14 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Origin
[2012-09-28 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2012-02-11 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2012-01-04 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Software Informer
[2012-11-28 20:48:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-12-25 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-08-31 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Unity
[2012-03-14 20:20:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\wargaming.net

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2011-12-28 22:38:21 | 000,000,086 | ---- | M] () -- C:\CSB.LOG
[2012-12-26 19:42:08 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys
[2011-12-28 22:36:11 | 000,001,705 | ---- | M] () -- C:\RHDSetup.log
[2011-12-28 22:41:32 | 000,000,159 | ---- | M] () -- C:\Setup.log

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012-08-22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010-11-20 05:33:46 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010-11-20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 934759 bytes -> C:\Windows\Temp:temp

< End of report >
[/log]


Extras.txt
[log]OTL Extras logfile created on: 2012-12-26 19:57:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 61,83% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 6,04 Gb Free Space | 17,32% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 12,56 Gb Free Space | 31,75% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "D:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "D:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B58B30D-AE43-47E4-920C-AF73250BA60B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{485345C1-E635-4F61-B35F-B1F91063A5E0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4D8B0E83-07D7-4D5C-A41B-3700324EA3D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7673180C-EC1C-4649-A6E8-43E75511C956}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8AFCCD-A52E-451C-A3FF-61020AEF2958}" = lport=445 | protocol=6 | dir=in | app=system |
"{86BC8BC8-10B0-4650-AEE0-6A67FC30C051}" = rport=137 | protocol=17 | dir=out | app=system |
"{8701CD4E-10E7-4669-B5E7-2D7E8403E197}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{873529DB-A158-4AA8-88A1-5CD8AF50CE5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89F6E98A-2EDF-4061-887F-035BCA7B6F36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93DE1E68-272F-4E19-AEF5-3D14483DA7AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{968E8DAE-40FE-4D28-ADFC-E58F43A86BBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{993866C3-8E14-4A36-834E-3345AB6548BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C5934D9-CEF0-4155-9B51-E0F94FBF85A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{B4556A28-3F30-4A31-B3C5-436E5C44FB54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA927290-31FE-4417-BCA1-378A08B38949}" = lport=138 | protocol=17 | dir=in | app=system |
"{C43D4073-6AED-4AD3-A9EC-63303CCE37A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4E4091D-0BDD-40C5-BD7D-609DCA864EEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5818950-8738-47C1-8A79-4F545EAD13CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE8D8188-2584-40B3-AB95-EBA45CE5199A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4B1A8BC-B654-4F1F-BA44-6B3CBBE23522}" = rport=445 | protocol=6 | dir=out | app=system |
"{E69321B8-8608-4CDB-A2D4-A4478ECDE5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F26AE1E7-E419-4204-81A6-6F4749987B1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F406CC56-3001-411A-B971-2204BB786619}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5EAA343-3439-4C70-A27A-2ED93B8007FA}" = lport=6004 | protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\outlook.exe |
"{FA97726E-4BC4-4F64-81F2-8BDFB96CA564}" = rport=139 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EEAE13-FE0C-4D80-8ECF-D51B4FC92502}" = protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\groove.exe |
"{0EFC5BA5-B7F2-47DD-8500-2721D2C6F7DF}" = protocol=17 | dir=in | app=d:\programy\dirt3\dirt3_game.exe |
"{1153C67F-B618-4A59-829C-7C51B8DEB317}" = dir=in | app=d:\programy\farming simulator 2013\farmingsimulator2013.exe |
"{12D6AFA4-7E9D-42E8-8455-85A798ACFC2E}" = protocol=6 | dir=in | app=d:\programy\tcgrfs\gu.exe |
"{15985078-FA8F-48FF-8621-3433BA2A0DCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19E8E0CB-0021-490E-A5D5-B39A64D8C0A5}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgemca.exe |
"{1CC7AEF0-BEC6-48F3-8DF7-FEE5BEAC78AB}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgnsa.exe |
"{22EBC8EC-ABC6-41C5-8151-C8CFD967C54F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23363D4A-B749-4486-A3B6-456AC958A29C}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgemca.exe |
"{26317EF4-07A8-4283-B9A3-76EF034B9A11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2932CEB0-4ADD-4329-9372-D1B488D85644}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{29BC1492-E2AA-4DB2-9859-30200F273AF0}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgnsa.exe |
"{2B1F9362-630E-4BB1-B009-E465BE34EC92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38868B53-3062-430B-A91A-6AC5AD65DD81}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C3FA538-0C20-4F5E-BEB1-A2C65A5318D9}" = protocol=6 | dir=in | app=d:\programy\microsoft office 2010\office14\onenote.exe |
"{3FEC4A37-977B-4747-A66E-20CBF05A8D77}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgdiagex.exe |
"{42A01063-C2A8-45A7-A204-FBFB6C759524}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{449BEFB2-A034-49B2-A442-FCC79C7A532E}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgnsa.exe |
"{450CE431-02D3-45D1-AAB8-43500554ACA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51B57335-E539-46CC-886A-D5DF89C6B3F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{583FE73C-3111-4618-83F7-1CFC8A94B28D}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgdiagex.exe |
"{5B1B37BE-E299-4FBF-B37D-23171481A61A}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgdiagex.exe |
"{5C22613D-A343-431F-8CA2-4D56FA7494CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{644AB586-B4A2-43CA-A290-C5F69B1120B9}" = protocol=17 | dir=in | app=d:\programy\tcgrfs\gu.exe |
"{64B3C067-7FE1-49C5-8E78-3542C7B2D4B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69516F2E-EB31-4883-8E60-54BA5BF276D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AB0471D-DA85-4AC9-94FB-0611E459DE6F}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgmfapx.exe |
"{6E0F7189-FAAF-4E8D-9182-09B350951146}" = dir=in | app=d:\programy\farming simulator 2013\farmingsimulator2013game.exe |
"{71BE0437-1B7F-4D66-B49D-57D1EF023DD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{761603E0-1E37-4311-B1E6-62E8E7A8B367}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgnsa.exe |
"{7667657E-3148-4137-938D-DD12E67D7C58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7D177032-CC1C-412C-9AB1-8D69FFB7266F}" = protocol=6 | dir=in | app=d:\programy\dirt3\dirt3_game.exe |
"{7EF41F8D-377D-440A-B485-8F31DACB6841}" = protocol=17 | dir=in | app=d:\programy\samsung\npsasvr.exe |
"{7F2638D6-84F2-46DE-B447-3CC574C451EB}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgmfapx.exe |
"{8374DBE9-0851-4F42-9BA0-7068A9B7BCC1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8572029A-7F53-4664-95EC-9C590AC00718}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgemca.exe |
"{85C87A1B-F96A-4BE6-9BB4-934605212D5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87265B3E-DE3B-49D0-A2AA-0D2DF5D4123C}" = protocol=6 | dir=out | app=system |
"{8F31CBBD-2F0C-492C-872F-1E5BE3768C62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{955ACBB1-6C71-4F2F-8805-5423756E2710}" = protocol=6 | dir=in | app=d:\programy\samsung\npsvsvr.exe |
"{97C4E202-792C-4A3E-838C-6601F4715ED0}" = protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\onenote.exe |
"{9C3F6985-74AA-4BD5-9952-C680C31A4AB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A172684F-C023-42D3-ABDD-7634853C1EA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7BB55E5-7DD5-4537-9402-0DBE025D8ACB}" = protocol=6 | dir=in | app=d:\programy\microsoft office 2010\office14\groove.exe |
"{A7FBAF00-CC17-47C2-A9EC-2135A45292D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC98D7C2-73A1-457D-8445-AA6DE5A0B743}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B37FF819-4381-4EDB-BC5F-9242ABD5E5F5}" = protocol=17 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"{C0E81159-7BD1-4ACF-8154-C4ACAE12A25D}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgmfapx.exe |
"{C26EFA35-8FEA-42EE-AD9E-A4848CBBA22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0D14AB8-8AFC-4802-A77D-A098CA4ABC38}" = protocol=6 | dir=in | app=d:\programy\samsung\npsasvr.exe |
"{D0E1E5D4-EA34-4C9A-8709-AE4CB8A0C955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6B53311-2EE6-47B0-931D-D754CE073533}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgmfapx.exe |
"{D6CCAF28-90E6-4F04-A54E-81AC50D2F614}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{D86D1A50-F0F7-4E00-BFE5-D44A62A26C19}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgemca.exe |
"{D8D32165-4686-471A-8CE8-CE623F3DB2CF}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgdiagex.exe |
"{DF962BA5-18DB-47BE-AE0C-9C524BD86C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E38E0CD1-975C-460B-8737-D9F1544FC622}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3C6F384-369F-4E7F-ADA0-C018D165DC3A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E8815790-5741-42B9-B360-6209186603FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EA8F167C-4450-4426-BD75-B3CFD451146B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F15C1779-6CE4-416D-82C0-B5022D15A025}" = protocol=6 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"{FD2C91E9-35C1-4A37-B93C-87AAC1CD1DF0}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{FE10876B-B543-434D-9116-BF6F0DBD47C8}" = protocol=17 | dir=in | app=d:\programy\samsung\npsvsvr.exe |
"TCP Query User{2FC4CFAE-F671-4058-8976-83D1BE85F194}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{59B12F2A-CB70-42D3-9E9C-6420424F4EA3}D:\programy\fifa 13\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\programy\fifa 13\fifa 13\game\fifa13.exe |
"TCP Query User{62B34BF1-98F3-4583-9510-DC2363245C14}D:\programy\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\programy\gadu-gadu 10\gg.exe |
"TCP Query User{8429DAA4-B25F-411C-800B-4BC8EA496869}D:\programy\tcgrfs\future soldier.exe" = protocol=6 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"TCP Query User{B325D97E-DAFD-4B88-92FC-BFAAB242047C}D:\programy\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\programy\vuze\azureus.exe |
"TCP Query User{D04C1F2D-F11D-4FF7-8E82-D32100804A45}D:\programy\resident evil\raccooncity.exe" = protocol=6 | dir=in | app=d:\programy\resident evil\raccooncity.exe |
"UDP Query User{0333F9CC-946F-4B6F-A38A-A03D4098E8F0}D:\programy\tcgrfs\future soldier.exe" = protocol=17 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"UDP Query User{0C785F67-782C-4597-B83E-E2896F5EE584}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{0D0D2EC5-2EE2-4BD2-B3B8-E5129D32680E}D:\programy\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\programy\vuze\azureus.exe |
"UDP Query User{11996270-FA3D-45A7-81B5-C40833829705}D:\programy\fifa 13\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\programy\fifa 13\fifa 13\game\fifa13.exe |
"UDP Query User{2B256038-452E-4B67-A91C-09AD3658AC0A}D:\programy\resident evil\raccooncity.exe" = protocol=17 | dir=in | app=d:\programy\resident evil\raccooncity.exe |
"UDP Query User{3E78360F-EB52-4A6B-B523-F7649A6FB7E9}D:\programy\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\programy\gadu-gadu 10\gg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2013
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"360Amigo" = 360 Amigo System Speedup PRO
"3643efd4" = Contextual Tool Extrafind
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP3" = AIMP3
"BurnAware Free_is1" = BurnAware Free 5.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gadu-Gadu 10" = Gadu-Gadu 10
"IrfanView" = IrfanView (remove only)
"LiveVDO" = LiveVDO
"LiveVDO plugin" = LiveVDO plugin 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"StartSearch Toolbar" = StartSearch Toolbar 1.3

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-20 10:26:01 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-20 11:05:11 | Computer Name = Win-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "D:\Programy\Nokia Suite\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-12-21 06:51:33 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-21 12:34:17 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-22 07:36:04 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-22 14:01:15 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b71a4b Nazwa modułu powodującego błąd: xul.dll, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b7198b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00144ed8
Identyfikator
procesu powodującego błąd: 0x8c0 Godzina uruchomienia aplikacji powodującej błąd:
0x01cde066b86d8278 Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\firefox.exe
Ścieżka
modułu powodującego błąd: D:\Programy\Mozilla Firefox\xul.dll Identyfikator raportu:
9347d428-4c61-11e2-83a3-9e0e79b4eb99

Error - 2012-12-24 07:38:26 | Computer Name = Win-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "D:\Programy\Nokia Suite\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-12-24 16:16:59 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-25 11:07:03 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-25 15:35:50 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Future Soldier.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x4fc7852e Nazwa modułu powodującego błąd: Future Soldier.exe,
wersja: 0.0.0.0, sygnatura czasowa: 0x4fc7852e Kod wyjątku: 0x40000015 Przesunięcie
błędu: 0x00444e6a Identyfikator procesu powodującego błąd: 0x4c4 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cde2d2800fb324 Ścieżka aplikacji powodującej błąd:
D:\Programy\TCGRFS\Future Soldier.exe Ścieżka modułu powodującego błąd: D:\Programy\TCGRFS\Future
Soldier.exe Identyfikator raportu: 494bdad4-4eca-11e2-b709-ba4fb73feba5

Error - 2012-12-26 14:38:34 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b71a4b Nazwa modułu powodującego błąd: xul.dll, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b7198b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00144ed8
Identyfikator
procesu powodującego błąd: 0xedc Godzina uruchomienia aplikacji powodującej błąd:
0x01cde39595ea87a0 Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\firefox.exe
Ścieżka
modułu powodującego błąd: D:\Programy\Mozilla Firefox\xul.dll Identyfikator raportu:
73ec0400-4f8b-11e2-a27f-bb60148493d1

[ System Events ]
Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:03 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:03 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.


< End of report >

[/log]

wirusolog
komentarz
komentarz

[b]1.[/b] Uruchom OTL i w sekcji [b]Własne opcje skanowania / skrypt[/b] wklej:

[quote]:OTL
@Alternate Data Stream - 934759 bytes -> C:\Windows\Temp:temp
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...6&ts=1347112262
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?u...6&ts=1347112262
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...6&ts=1347112262
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?u...6&ts=1347112262
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope = {B95BEC67-55A1-4549-B178-31626D0A5B8D}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{8CF4B1EF-207D-4F90-9C30-6B4A6A62AC7B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{C55A7213-2DC5-49D5-93E7-76F4DA773C1C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{C68C8B56-22CC-4B7A-8BB3-5ACF9DF123DE}: "URL" = http://websearch.ask...F4-314027C0F8C3
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "error"
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..keyword.URL: "error"
FF - user.js - File not found
CHR - homepage: http://www.v9.com/?u...6&ts=1347112262
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = http://search.v9.com...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.v9.com/?u...6&ts=1347112262
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

:Files
C:\Windows\tasks\*.job

:Commands
[emptytemp][/quote]
Klik w [b]Wykonaj skrypt[/b]. System zostanie zrestartowany.

[b]2.[/b] Uruchom [url=http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner][color=#1072E0][b]AdwCleaner[/b][/color][/url] i zastosuj [b]Delete[/b]. Na dysku C powstanie log z usuwania.

[b]3.[/b] Zrób nowy log OTL z opcji [b]Skanuj[/b]. Dołącz raport z usuwania OTLem + raport z czyszczenia z AdwCleaner i nowy komplet logów z OTL.

maryjanek
komentarz
komentarz

[b]1.[/b] 12272012_133059.txt
[log]All processes killed
========== OTL ==========
ADS C:\Windows\Temp:temp deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B95BEC67-55A1-4549-B178-31626D0A5B8D}\ not found.
HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8CF4B1EF-207D-4F90-9C30-6B4A6A62AC7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CF4B1EF-207D-4F90-9C30-6B4A6A62AC7B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B95BEC67-55A1-4549-B178-31626D0A5B8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B95BEC67-55A1-4549-B178-31626D0A5B8D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C55A7213-2DC5-49D5-93E7-76F4DA773C1C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55A7213-2DC5-49D5-93E7-76F4DA773C1C}\ not found.
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C68C8B56-22CC-4B7A-8BB3-5ACF9DF123DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C68C8B56-22CC-4B7A-8BB3-5ACF9DF123DE}\ not found.
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "error" removed from browser.search.defaultenginename
Prefs.js: "error" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&ilc=12&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: "error" removed from keyword.URL
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\ubisoft.com/uplaypc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000UA.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Windows
->Temp folder emptied: 20205628 bytes
->Temporary Internet Files folder emptied: 478090 bytes
->Java cache emptied: 98646902 bytes
->FireFox cache emptied: 435328589 bytes
->Google Chrome cache emptied: 5999218 bytes
->Flash cache emptied: 8391 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2623090 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 537,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12272012_133059

Files\Folders moved on Reboot...
C:\Users\Windows\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...[/log]

[b]2.[/b] AdwCleaner[S1]
[log]# AdwCleaner v2.103 - Log utworzony 27/12/2012 o 13:38:25
# Aktualizacja 25/12/2012 przez Xplode
# System operacyjny : Windows 7 Ultimate Service Pack 1 (64 bits)
# Użytkownik : Windows - WIN-KOMPUTER
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Users\Windows\Desktop\adwcleaner.exe
# Opcja [Usuń]

***** [Usługi] *****


***** [Pliki / Foldery] *****

Folder Usunięto : C:\Program Files (x86)\StartSearch plugin
Folder Usunięto : C:\ProgramData\InstallMate
Folder Usunięto : C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Folder Usunięto : C:\Users\Windows\AppData\Local\TempDir
Folder Usunięto : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Plik Usunięto : C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\APN PIP
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\StartSearch
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Klucz Usunięto : HKLM\Software\PIP
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Rejestr w porządku.

-\\ Mozilla Firefox v17.0.1 (pl)

Plik : C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\prefs.js

Usunięto : user_pref("extensions.504cc4a0cd55b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Usunięto : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);

-\\ Google Chrome v23.0.1271.97

Plik : C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Preferences

Usunięto [l.11] : homepage = "hxxp://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD[...]
Usunięto [l.15] : urls_to_restore_on_startup = [ "hxxp://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&ui[...]
Usunięto [l.55] : keyword = "v9.com",
Usunięto [l.58] : search_url = "hxxp://search.v9.com/web/?q={searchTerms}",
Usunięto [l.1619] : homepage = "hxxp://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=WDC_WD800BB-00DKA0_WD-WC[...]
Usunięto [l.1971] : urls_to_restore_on_startup = [ "hxxp://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=W[...]

*************************

AdwCleaner[S1].txt - [4747 octets] - [27/12/2012 13:38:25]

########## EOF - C:\AdwCleaner[S1].txt - [4807 octets] ##########[/log]

[b]3.[/b] OTL.txt
[log]OTL logfile created on: 2012-12-27 13:43:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,48% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 6,56 Gb Free Space | 18,81% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 12,70 Gb Free Space | 32,09% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2012-12-25 19:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgui.exe
PRC - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgidsagent.exe
PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgwdsvc.exe
PRC - [2012-10-10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2012-03-30 20:17:23 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
MOD - [2012-11-14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2012-11-14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2012-11-14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgui.exe
MOD - [2012-11-06 00:11:52 | 002,606,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgkrnlapix.dll
MOD - [2012-10-29 03:38:18 | 001,001,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgcfgx.dll
MOD - [2012-10-22 13:04:38 | 002,024,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avguires.dll
MOD - [2012-10-22 13:04:36 | 000,025,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgapps.dll
MOD - [2012-10-22 13:04:16 | 000,797,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgsysx.dll
MOD - [2012-10-22 13:04:12 | 000,862,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgntopensslx.dll
MOD - [2012-10-22 13:04:10 | 000,311,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avglogx.dll
MOD - [2012-10-22 13:04:10 | 000,177,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avglngx.dll
MOD - [2012-10-22 13:04:08 | 000,481,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgcommx.dll
MOD - [2012-10-22 13:04:04 | 000,348,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgidpmx.dll
MOD - [2012-10-22 13:03:44 | 000,279,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgclitx.dll
MOD - [2012-10-04 17:47:41 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2012-10-04 17:47:40 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2012-09-08 16:22:22 | 000,834,000 | ---- | M] (Google Inc.) -- C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
MOD - [2012-08-24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2012-07-04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2012-06-02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2012-06-02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2012-06-02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2012-05-05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2012-04-07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2012-03-30 20:17:23 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe
MOD - [2012-03-01 06:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2012-01-04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2011-12-16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011-11-17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2011-08-27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2011-06-11 01:58:52 | 004,422,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc100u.dll
MOD - [2011-06-11 01:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100.dll
MOD - [2011-06-11 01:58:52 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp100.dll
MOD - [2011-06-11 01:58:52 | 000,055,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc100enu.dll
MOD - [2011-05-24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011-05-24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2010-11-20 04:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2010-11-20 04:21:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010-11-20 04:21:38 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010-11-20 04:21:38 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2010-11-20 04:21:38 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2010-11-20 04:21:36 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010-11-20 04:21:34 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2010-11-20 04:21:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2010-11-20 04:21:28 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2010-11-20 04:21:26 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010-11-20 04:21:20 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010-11-20 04:21:16 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010-11-20 04:21:16 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2010-11-20 04:21:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010-11-20 04:20:58 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010-11-20 04:20:50 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-11-20 04:20:50 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010-11-20 04:20:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010-11-20 04:19:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstask.dll
MOD - [2010-11-20 04:19:46 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2010-11-20 04:19:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2010-11-20 04:18:28 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010-11-20 04:18:26 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2010-11-20 04:18:24 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010-11-20 04:18:04 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2010-11-20 04:18:04 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2010-11-20 04:16:52 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010-11-20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010-11-20 04:08:58 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2010-11-20 04:08:52 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2010-11-20 04:08:52 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010-11-20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-12-25 19:42:38 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-11-06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-10-10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-20 13:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-01-30 21:56:34 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012-10-05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2012-06-11 10:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-29 13:17:55 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-11-15 04:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2011-07-08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-08-12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010-02-25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-07-29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012-01-21 15:38:29 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1004\..\SearchScopes,DefaultScope =

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl/firefox"
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2012-12-06 15:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2012-12-06 15:16:08 | 000,000,000 | ---D | M]

[2012-04-10 10:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2012-12-15 12:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\ypbnexiu.default\extensions
[2012-12-15 12:00:49 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Programy\Adobe Reader X\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Windows\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: StartSearch Video plug-in = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\
CHR - Extension: YouTube = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] D:\Programy\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [360Amigo] D:\Programy\360Amigo\360Amigo.exe (360 Amigo)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D268F165-161E-46FD-B7EB-1ECA4DBD1455}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-12-27 13:30:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-26 19:47:55 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\AVG2013
[2012-12-26 19:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-12-26 19:46:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-12-26 19:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012-12-26 18:22:12 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Avg2013
[2012-12-26 18:04:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012-12-26 13:51:34 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\FLiNGTrainer
[2012-12-25 20:03:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\PunkBuster
[2012-12-25 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\Ubisoft
[2012-12-25 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-12-19 18:28:45 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Ubisoft Game Launcher
[2012-12-19 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-12-17 20:09:43 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\SniperV2
[2012-12-17 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\SKIDROW
[2012-12-17 16:25:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-12-09 15:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012-11-28 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-11-28 20:46:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-11-28 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\MFAData
[2012-11-28 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-11-27 16:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-11-26 15:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2012-11-25 17:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012-11-25 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-11-25 17:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-11-25 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012-11-25 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012-11-25 17:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012-11-25 17:16:35 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2012-11-25 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012-11-25 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012-11-25 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012-11-25 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012-11-24 20:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LiveVDO plugin
[2012-11-19 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-11-16 21:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012-11-16 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012-11-09 19:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012-11-09 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012-11-03 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\DMCache

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-12-27 13:40:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-27 13:39:08 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-27 13:39:08 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-27 13:37:19 | 000,550,017 | ---- | M] () -- C:\Users\Windows\Desktop\adwcleaner.exe
[2012-12-26 20:27:39 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-12-26 20:27:39 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-12-26 18:35:38 | 001,662,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-12-26 18:35:38 | 000,737,730 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-12-26 18:35:38 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-12-26 18:35:38 | 000,154,418 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-12-26 18:35:38 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-12-26 18:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012-12-26 15:29:51 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-12-26 13:51:13 | 000,558,252 | ---- | M] () -- C:\Users\Windows\Desktop\Ghost Recon Future Soldier - trainer+12.rar
[2012-12-25 20:01:55 | 000,000,665 | ---- | M] () -- C:\Users\Windows\Desktop\Future Soldier — skrót.lnk
[2012-12-25 19:42:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-12-22 15:42:47 | 006,874,007 | ---- | M] () -- C:\Users\Windows\Desktop\Jingle Bells - Official 2012_2013 Techno Remix -.mp3
[2012-12-22 15:41:04 | 000,056,832 | ---- | M] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-22 11:04:26 | 000,417,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-12-19 19:08:41 | 010,655,755 | ---- | M] () -- C:\Users\Windows\Desktop\Taio Cruz-Fast car (8 Barz Remix).mp3
[2012-12-19 18:57:00 | 006,497,437 | ---- | M] () -- C:\Users\Windows\Desktop\Michael Mind Project Feat. Dante Thomas - Nothing Lasts Forever (Radio Edit) (CDQ) ( 2o12 ).mp3
[2012-12-12 19:38:37 | 003,242,944 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark-Broadway (Da Brozz Remix).mp3
[2012-12-11 16:16:33 | 006,945,181 | ---- | M] () -- C:\Users\Windows\Desktop\Let's Go Project - Yeke Yeke ( Kuba S & Fisher Remix ).mp3
[2012-12-11 16:06:07 | 008,560,768 | ---- | M] () -- C:\Users\Windows\Desktop\Kalwi & Remi feat. Nadia Gattas - Africa (Radio Edit) (www.djoles.pl).mp3
[2012-12-11 16:04:27 | 005,601,181 | ---- | M] () -- C:\Users\Windows\Desktop\Tacabro - ASI ASI (Original Mix) HD.mp3
[2012-12-02 20:26:58 | 007,803,504 | ---- | M] () -- C:\Users\Windows\Desktop\Avicii-Last Dance.mp3
[2012-12-02 20:24:54 | 008,613,137 | ---- | M] () -- C:\Users\Windows\Desktop\Cascada-The rhythm of the night (Cardinal Edit).mp3
[2012-12-02 20:22:23 | 007,490,971 | ---- | M] () -- C:\Users\Windows\Desktop\Glamrock Brothers-Push the feeling on 2k12.mp3
[2012-12-02 20:20:45 | 007,551,627 | ---- | M] () -- C:\Users\Windows\Desktop\Tiesto ft. Allure-Pair of dice.mp3
[2012-12-01 16:08:49 | 008,403,068 | ---- | M] () -- C:\Users\Windows\Desktop\GrooveBusterz ft. Slayback-U&I.mp3
[2012-11-28 20:41:44 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012-11-27 19:39:18 | 006,855,660 | ---- | M] () -- C:\Users\Windows\Desktop\Remady & Manu-Higher ground.mp3
[2012-11-23 16:31:30 | 000,007,597 | ---- | M] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-17 12:30:06 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012-11-16 21:08:00 | 000,000,391 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-11-09 20:07:18 | 003,338,325 | ---- | M] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Carlprit-Do it all night.mp3
[2012-11-09 20:05:21 | 007,951,476 | ---- | M] () -- C:\Users\Windows\Desktop\Danceboy vs. Cary August-Drive by (Thomas Remix).mp3
[2012-11-09 19:54:59 | 008,193,181 | ---- | M] () -- C:\Users\Windows\Desktop\Daisy Hicks-Electric love.mp3
[2012-11-09 19:46:14 | 008,050,385 | ---- | M] () -- C:\Users\Windows\Desktop\Manuel Lauren-DJ Aflame.mp3
[2012-11-09 19:43:42 | 003,278,264 | ---- | M] () -- C:\Users\Windows\Desktop\Heads Will Roll-Yeah 3X (A-Trak Remix).mp3
[2012-11-09 19:36:17 | 008,070,877 | ---- | M] () -- C:\Users\Windows\Desktop\Remady & Manu ft. Amanda Wilson-Doing it right.mp3
[2012-11-09 19:27:43 | 009,412,233 | ---- | M] () -- C:\Users\Windows\Desktop\Carlprit-Fiesta (Michael Mind Project Edit).mp3
[2012-11-09 19:24:27 | 008,252,987 | ---- | M] () -- C:\Users\Windows\Desktop\Alexandra Shine-Play that game (Stephan F Remix).mp3

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-27 13:37:18 | 000,550,017 | ---- | C] () -- C:\Users\Windows\Desktop\adwcleaner.exe
[2012-12-26 13:51:12 | 000,558,252 | ---- | C] () -- C:\Users\Windows\Desktop\Ghost Recon Future Soldier - trainer+12.rar
[2012-12-25 20:03:32 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-12-25 20:01:55 | 000,000,665 | ---- | C] () -- C:\Users\Windows\Desktop\Future Soldier — skrót.lnk
[2012-12-25 19:19:11 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-12-25 19:19:11 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-12-25 19:19:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-12-22 15:42:27 | 006,874,007 | ---- | C] () -- C:\Users\Windows\Desktop\Jingle Bells - Official 2012_2013 Techno Remix -.mp3
[2012-12-19 19:08:09 | 010,655,755 | ---- | C] () -- C:\Users\Windows\Desktop\Taio Cruz-Fast car (8 Barz Remix).mp3
[2012-12-19 18:56:45 | 006,497,437 | ---- | C] () -- C:\Users\Windows\Desktop\Michael Mind Project Feat. Dante Thomas - Nothing Lasts Forever (Radio Edit) (CDQ) ( 2o12 ).mp3
[2012-12-12 19:38:36 | 003,242,944 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark-Broadway (Da Brozz Remix).mp3
[2012-12-11 16:16:19 | 006,945,181 | ---- | C] () -- C:\Users\Windows\Desktop\Let's Go Project - Yeke Yeke ( Kuba S & Fisher Remix ).mp3
[2012-12-11 16:06:02 | 008,560,768 | ---- | C] () -- C:\Users\Windows\Desktop\Kalwi & Remi feat. Nadia Gattas - Africa (Radio Edit) (www.djoles.pl).mp3
[2012-12-11 16:04:15 | 005,601,181 | ---- | C] () -- C:\Users\Windows\Desktop\Tacabro - ASI ASI (Original Mix) HD.mp3
[2012-12-02 20:26:58 | 007,803,504 | ---- | C] () -- C:\Users\Windows\Desktop\Avicii-Last Dance.mp3
[2012-12-02 20:24:53 | 008,613,137 | ---- | C] () -- C:\Users\Windows\Desktop\Cascada-The rhythm of the night (Cardinal Edit).mp3
[2012-12-02 20:22:23 | 007,490,971 | ---- | C] () -- C:\Users\Windows\Desktop\Glamrock Brothers-Push the feeling on 2k12.mp3
[2012-12-02 20:20:38 | 007,551,627 | ---- | C] () -- C:\Users\Windows\Desktop\Tiesto ft. Allure-Pair of dice.mp3
[2012-12-01 16:08:38 | 008,403,068 | ---- | C] () -- C:\Users\Windows\Desktop\GrooveBusterz ft. Slayback-U&I.mp3
[2012-11-27 19:39:06 | 006,855,660 | ---- | C] () -- C:\Users\Windows\Desktop\Remady & Manu-Higher ground.mp3
[2012-11-23 16:31:30 | 000,007,597 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-17 11:50:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 11:33:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-16 21:35:04 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-11-09 20:07:18 | 003,338,325 | ---- | C] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Carlprit-Do it all night.mp3
[2012-11-09 20:05:20 | 007,951,476 | ---- | C] () -- C:\Users\Windows\Desktop\Danceboy vs. Cary August-Drive by (Thomas Remix).mp3
[2012-11-09 19:54:41 | 008,193,181 | ---- | C] () -- C:\Users\Windows\Desktop\Daisy Hicks-Electric love.mp3
[2012-11-09 19:46:13 | 008,050,385 | ---- | C] () -- C:\Users\Windows\Desktop\Manuel Lauren-DJ Aflame.mp3
[2012-11-09 19:43:15 | 003,278,264 | ---- | C] () -- C:\Users\Windows\Desktop\Heads Will Roll-Yeah 3X (A-Trak Remix).mp3
[2012-11-09 19:36:15 | 008,070,877 | ---- | C] () -- C:\Users\Windows\Desktop\Remady & Manu ft. Amanda Wilson-Doing it right.mp3
[2012-11-09 19:27:42 | 009,412,233 | ---- | C] () -- C:\Users\Windows\Desktop\Carlprit-Fiesta (Michael Mind Project Edit).mp3
[2012-11-09 19:24:20 | 008,252,987 | ---- | C] () -- C:\Users\Windows\Desktop\Alexandra Shine-Play that game (Stephan F Remix).mp3
[2012-08-14 15:04:18 | 000,000,391 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-07-27 10:13:54 | 000,001,758 | ---- | C] () -- C:\Users\Windows\AppData\Local\recently-used.xbel
[2012-07-01 10:51:01 | 000,000,001 | ---- | C] () -- C:\Users\Windows\AppData\Local\llftool.4.12.agreement
[2012-06-21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-01-30 21:56:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-01-29 19:10:49 | 000,001,749 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012-01-29 11:13:12 | 000,056,832 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-29 13:04:08 | 001,637,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-28 22:35:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-09 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-17 16:18:32 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AIMP3
[2012-02-07 19:13:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AnvSoft
[2012-12-26 19:47:55 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AVG2013
[2012-12-25 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
[2012-05-14 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canneverbe Limited
[2012-01-14 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ChomikBox
[2012-02-11 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2012-11-03 11:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DMCache
[2012-08-14 15:00:58 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DVDVideoSoft
[2011-12-29 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gadu-Gadu 10
[2012-05-06 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2012-01-05 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2012-02-18 15:07:34 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ipla
[2012-09-28 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Nokia
[2012-10-24 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Notepad++
[2012-09-14 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Origin
[2012-09-28 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2012-02-11 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2012-01-04 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Software Informer
[2012-11-28 20:48:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-12-25 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-08-31 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Unity
[2012-03-14 20:20:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\wargaming.net

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-12-27 13:38:48 | 000,004,866 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2011-12-28 22:38:21 | 000,000,086 | ---- | M] () -- C:\CSB.LOG
[2012-12-27 13:40:12 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys
[2011-12-28 22:36:11 | 000,001,705 | ---- | M] () -- C:\RHDSetup.log
[2011-12-28 22:41:32 | 000,000,159 | ---- | M] () -- C:\Setup.log

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010-11-20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012-08-22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010-11-20 05:33:46 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010-11-20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< End of report >[/log]

Extras.txt
[log]OTL Extras logfile created on: 2012-12-27 13:43:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,48% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 6,56 Gb Free Space | 18,81% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 12,70 Gb Free Space | 32,09% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "D:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "D:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B58B30D-AE43-47E4-920C-AF73250BA60B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{485345C1-E635-4F61-B35F-B1F91063A5E0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4D8B0E83-07D7-4D5C-A41B-3700324EA3D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7673180C-EC1C-4649-A6E8-43E75511C956}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8AFCCD-A52E-451C-A3FF-61020AEF2958}" = lport=445 | protocol=6 | dir=in | app=system |
"{86BC8BC8-10B0-4650-AEE0-6A67FC30C051}" = rport=137 | protocol=17 | dir=out | app=system |
"{8701CD4E-10E7-4669-B5E7-2D7E8403E197}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{873529DB-A158-4AA8-88A1-5CD8AF50CE5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89F6E98A-2EDF-4061-887F-035BCA7B6F36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93DE1E68-272F-4E19-AEF5-3D14483DA7AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{968E8DAE-40FE-4D28-ADFC-E58F43A86BBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{993866C3-8E14-4A36-834E-3345AB6548BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C5934D9-CEF0-4155-9B51-E0F94FBF85A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{B4556A28-3F30-4A31-B3C5-436E5C44FB54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA927290-31FE-4417-BCA1-378A08B38949}" = lport=138 | protocol=17 | dir=in | app=system |
"{C43D4073-6AED-4AD3-A9EC-63303CCE37A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4E4091D-0BDD-40C5-BD7D-609DCA864EEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5818950-8738-47C1-8A79-4F545EAD13CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE8D8188-2584-40B3-AB95-EBA45CE5199A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4B1A8BC-B654-4F1F-BA44-6B3CBBE23522}" = rport=445 | protocol=6 | dir=out | app=system |
"{E69321B8-8608-4CDB-A2D4-A4478ECDE5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F26AE1E7-E419-4204-81A6-6F4749987B1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F406CC56-3001-411A-B971-2204BB786619}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5EAA343-3439-4C70-A27A-2ED93B8007FA}" = lport=6004 | protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\outlook.exe |
"{FA97726E-4BC4-4F64-81F2-8BDFB96CA564}" = rport=139 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EEAE13-FE0C-4D80-8ECF-D51B4FC92502}" = protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\groove.exe |
"{0EFC5BA5-B7F2-47DD-8500-2721D2C6F7DF}" = protocol=17 | dir=in | app=d:\programy\dirt3\dirt3_game.exe |
"{1153C67F-B618-4A59-829C-7C51B8DEB317}" = dir=in | app=d:\programy\farming simulator 2013\farmingsimulator2013.exe |
"{12D6AFA4-7E9D-42E8-8455-85A798ACFC2E}" = protocol=6 | dir=in | app=d:\programy\tcgrfs\gu.exe |
"{15985078-FA8F-48FF-8621-3433BA2A0DCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19E8E0CB-0021-490E-A5D5-B39A64D8C0A5}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgemca.exe |
"{1CC7AEF0-BEC6-48F3-8DF7-FEE5BEAC78AB}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgnsa.exe |
"{22EBC8EC-ABC6-41C5-8151-C8CFD967C54F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23363D4A-B749-4486-A3B6-456AC958A29C}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgemca.exe |
"{26317EF4-07A8-4283-B9A3-76EF034B9A11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2932CEB0-4ADD-4329-9372-D1B488D85644}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{29BC1492-E2AA-4DB2-9859-30200F273AF0}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgnsa.exe |
"{2B1F9362-630E-4BB1-B009-E465BE34EC92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38868B53-3062-430B-A91A-6AC5AD65DD81}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C3FA538-0C20-4F5E-BEB1-A2C65A5318D9}" = protocol=6 | dir=in | app=d:\programy\microsoft office 2010\office14\onenote.exe |
"{3FEC4A37-977B-4747-A66E-20CBF05A8D77}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgdiagex.exe |
"{42A01063-C2A8-45A7-A204-FBFB6C759524}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{449BEFB2-A034-49B2-A442-FCC79C7A532E}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgnsa.exe |
"{450CE431-02D3-45D1-AAB8-43500554ACA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51B57335-E539-46CC-886A-D5DF89C6B3F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{583FE73C-3111-4618-83F7-1CFC8A94B28D}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgdiagex.exe |
"{5B1B37BE-E299-4FBF-B37D-23171481A61A}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgdiagex.exe |
"{5C22613D-A343-431F-8CA2-4D56FA7494CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{644AB586-B4A2-43CA-A290-C5F69B1120B9}" = protocol=17 | dir=in | app=d:\programy\tcgrfs\gu.exe |
"{64B3C067-7FE1-49C5-8E78-3542C7B2D4B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69516F2E-EB31-4883-8E60-54BA5BF276D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AB0471D-DA85-4AC9-94FB-0611E459DE6F}" = protocol=17 | dir=in | app=d:\programy\avg2013\avgmfapx.exe |
"{6E0F7189-FAAF-4E8D-9182-09B350951146}" = dir=in | app=d:\programy\farming simulator 2013\farmingsimulator2013game.exe |
"{71BE0437-1B7F-4D66-B49D-57D1EF023DD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{761603E0-1E37-4311-B1E6-62E8E7A8B367}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgnsa.exe |
"{7667657E-3148-4137-938D-DD12E67D7C58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7D177032-CC1C-412C-9AB1-8D69FFB7266F}" = protocol=6 | dir=in | app=d:\programy\dirt3\dirt3_game.exe |
"{7EF41F8D-377D-440A-B485-8F31DACB6841}" = protocol=17 | dir=in | app=d:\programy\samsung\npsasvr.exe |
"{7F2638D6-84F2-46DE-B447-3CC574C451EB}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgmfapx.exe |
"{8374DBE9-0851-4F42-9BA0-7068A9B7BCC1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8572029A-7F53-4664-95EC-9C590AC00718}" = protocol=17 | dir=in | app=d:\programy\avg anti-virus\avgemca.exe |
"{85C87A1B-F96A-4BE6-9BB4-934605212D5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87265B3E-DE3B-49D0-A2AA-0D2DF5D4123C}" = protocol=6 | dir=out | app=system |
"{8F31CBBD-2F0C-492C-872F-1E5BE3768C62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{955ACBB1-6C71-4F2F-8805-5423756E2710}" = protocol=6 | dir=in | app=d:\programy\samsung\npsvsvr.exe |
"{97C4E202-792C-4A3E-838C-6601F4715ED0}" = protocol=17 | dir=in | app=d:\programy\microsoft office 2010\office14\onenote.exe |
"{9C3F6985-74AA-4BD5-9952-C680C31A4AB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A172684F-C023-42D3-ABDD-7634853C1EA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7BB55E5-7DD5-4537-9402-0DBE025D8ACB}" = protocol=6 | dir=in | app=d:\programy\microsoft office 2010\office14\groove.exe |
"{A7FBAF00-CC17-47C2-A9EC-2135A45292D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC98D7C2-73A1-457D-8445-AA6DE5A0B743}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B37FF819-4381-4EDB-BC5F-9242ABD5E5F5}" = protocol=17 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"{C0E81159-7BD1-4ACF-8154-C4ACAE12A25D}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgmfapx.exe |
"{C26EFA35-8FEA-42EE-AD9E-A4848CBBA22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0D14AB8-8AFC-4802-A77D-A098CA4ABC38}" = protocol=6 | dir=in | app=d:\programy\samsung\npsasvr.exe |
"{D0E1E5D4-EA34-4C9A-8709-AE4CB8A0C955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6B53311-2EE6-47B0-931D-D754CE073533}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgmfapx.exe |
"{D6CCAF28-90E6-4F04-A54E-81AC50D2F614}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{D86D1A50-F0F7-4E00-BFE5-D44A62A26C19}" = protocol=6 | dir=in | app=d:\programy\avg2013\avgemca.exe |
"{D8D32165-4686-471A-8CE8-CE623F3DB2CF}" = protocol=6 | dir=in | app=d:\programy\avg anti-virus\avgdiagex.exe |
"{DF962BA5-18DB-47BE-AE0C-9C524BD86C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E38E0CD1-975C-460B-8737-D9F1544FC622}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3C6F384-369F-4E7F-ADA0-C018D165DC3A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E8815790-5741-42B9-B360-6209186603FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EA8F167C-4450-4426-BD75-B3CFD451146B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F15C1779-6CE4-416D-82C0-B5022D15A025}" = protocol=6 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"{FD2C91E9-35C1-4A37-B93C-87AAC1CD1DF0}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{FE10876B-B543-434D-9116-BF6F0DBD47C8}" = protocol=17 | dir=in | app=d:\programy\samsung\npsvsvr.exe |
"TCP Query User{2FC4CFAE-F671-4058-8976-83D1BE85F194}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{59B12F2A-CB70-42D3-9E9C-6420424F4EA3}D:\programy\fifa 13\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\programy\fifa 13\fifa 13\game\fifa13.exe |
"TCP Query User{62B34BF1-98F3-4583-9510-DC2363245C14}D:\programy\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\programy\gadu-gadu 10\gg.exe |
"TCP Query User{8429DAA4-B25F-411C-800B-4BC8EA496869}D:\programy\tcgrfs\future soldier.exe" = protocol=6 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"TCP Query User{B325D97E-DAFD-4B88-92FC-BFAAB242047C}D:\programy\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\programy\vuze\azureus.exe |
"TCP Query User{D04C1F2D-F11D-4FF7-8E82-D32100804A45}D:\programy\resident evil\raccooncity.exe" = protocol=6 | dir=in | app=d:\programy\resident evil\raccooncity.exe |
"UDP Query User{0333F9CC-946F-4B6F-A38A-A03D4098E8F0}D:\programy\tcgrfs\future soldier.exe" = protocol=17 | dir=in | app=d:\programy\tcgrfs\future soldier.exe |
"UDP Query User{0C785F67-782C-4597-B83E-E2896F5EE584}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{0D0D2EC5-2EE2-4BD2-B3B8-E5129D32680E}D:\programy\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\programy\vuze\azureus.exe |
"UDP Query User{11996270-FA3D-45A7-81B5-C40833829705}D:\programy\fifa 13\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\programy\fifa 13\fifa 13\game\fifa13.exe |
"UDP Query User{2B256038-452E-4B67-A91C-09AD3658AC0A}D:\programy\resident evil\raccooncity.exe" = protocol=17 | dir=in | app=d:\programy\resident evil\raccooncity.exe |
"UDP Query User{3E78360F-EB52-4A6B-B523-F7649A6FB7E9}D:\programy\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\programy\gadu-gadu 10\gg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2013
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"360Amigo" = 360 Amigo System Speedup PRO
"3643efd4" = Contextual Tool Extrafind
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP3" = AIMP3
"BurnAware Free_is1" = BurnAware Free 5.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gadu-Gadu 10" = Gadu-Gadu 10
"IrfanView" = IrfanView (remove only)
"LiveVDO" = LiveVDO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-20 10:26:01 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-20 11:05:11 | Computer Name = Win-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "D:\Programy\Nokia Suite\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-12-21 06:51:33 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-21 12:34:17 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-22 07:36:04 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-22 14:01:15 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b71a4b Nazwa modułu powodującego błąd: xul.dll, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b7198b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00144ed8
Identyfikator
procesu powodującego błąd: 0x8c0 Godzina uruchomienia aplikacji powodującej błąd:
0x01cde066b86d8278 Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\firefox.exe
Ścieżka
modułu powodującego błąd: D:\Programy\Mozilla Firefox\xul.dll Identyfikator raportu:
9347d428-4c61-11e2-83a3-9e0e79b4eb99

Error - 2012-12-24 07:38:26 | Computer Name = Win-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "D:\Programy\Nokia Suite\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-12-24 16:16:59 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-25 11:07:03 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-12-25 15:35:50 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Future Soldier.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x4fc7852e Nazwa modułu powodującego błąd: Future Soldier.exe,
wersja: 0.0.0.0, sygnatura czasowa: 0x4fc7852e Kod wyjątku: 0x40000015 Przesunięcie
błędu: 0x00444e6a Identyfikator procesu powodującego błąd: 0x4c4 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cde2d2800fb324 Ścieżka aplikacji powodującej błąd:
D:\Programy\TCGRFS\Future Soldier.exe Ścieżka modułu powodującego błąd: D:\Programy\TCGRFS\Future
Soldier.exe Identyfikator raportu: 494bdad4-4eca-11e2-b709-ba4fb73feba5

Error - 2012-12-26 14:38:34 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b71a4b Nazwa modułu powodującego błąd: xul.dll, wersja: 17.0.1.4715,
sygnatura czasowa: 0x50b7198b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00144ed8
Identyfikator
procesu powodującego błąd: 0xedc Godzina uruchomienia aplikacji powodującej błąd:
0x01cde39595ea87a0 Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\firefox.exe
Ścieżka
modułu powodującego błąd: D:\Programy\Mozilla Firefox\xul.dll Identyfikator raportu:
73ec0400-4f8b-11e2-a27f-bb60148493d1

[ System Events ]
Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:02 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:03 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.

Error - 2012-07-27 14:40:03 | Computer Name = Win-Komputer | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\DR1 wystąpił zły blok.


< End of report >[/log]

wirusolog
komentarz
komentarz

Wszystko prawidłowo usunięte i w logach już niczego nie ma.

W AdwCleanerze wciśnij przycisk Uninstall a w OTL - Sprzątanie.

maryjanek
komentarz
komentarz

Dziękuję za pomoc :)

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.