
Slow system startup!

Bolqu
created (edited)

Hello!
I've had a computer with Win7 Professional for 2 years now. After the first year I didn't notice any slowdown. Lately the computer takes over a minute to start. From what I noticed under **Control Panel\All Control Panel Items\Performance Information and Tools\Advanced Tools**, this message popped up:

1. http://imageshack.us/f/819/kwgd.png/

I don't have any of these programs/applications on my PC. I don't know how to remove this. Waiting for the computer to get going annoys me. When the squares join into the Windows flag, that takes over 18 seconds, plus a few seconds on the Welcome screen.

2. Plus the services in msconfig: http://imageshack.us/f/703/vjgu.png/

3. Installed programs: http://imageshack.us/g/1/10297930/

4. Installed updates (AdvancedSystemCare installed them ...): http://imageshack.us/g/1/10297932/

 

Unneeded programs have been uninstalled, unneeded services disabled, and I only have a few programs in autostart. I removed IE, the games and all multimedia features from the system.

I defragment the disk every week. I clean the system with ASC6 and CCleaner.

Thanks in advance for the help, regards :D

 

PS. My computer is:
CPU: AMD Phenom II 965
GPU: Asus Radeon 6850 1 GB
Motherboard: MSI 870A-G46
RAM: 4 GB

VAq
comment

In msconfig, set it to boot with the maximum number of processors and the maximum amount of RAM.
What system do you have? 32 or 64?

Sent from my HTC One S using Tapatalk 2

Bolqu
comment (edited)

Msconfig > Boot > Advanced > number of processors 4; I'm to tick maximum memory and enter 4 GB (4096). I wonder if it will help at all.

PS. It didn't help at all :(

VAq
comment

Clean the registry with CCleaner.
I've had this problem before, and restoring the default BIOS settings helped.
I also recommend checking the RAM for correct operation, e.g. with Memtest.


Natsuki Kuga
comment

Read the pinned topics in this section and post the appropriate set of logs.

Bolqu
comment

Posting the logs from OTL, RSIT, DDS and GMER:
1.OTL : [log]OTL logfile created on: 2013-09-01 10:19:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Użytkownik\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free
6,50 Gb Paging File | 4,39 Gb Available in Paging File | 67,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,80 Gb Total Space | 32,67 Gb Free Space | 19,70% Space Free | Partition Type: NTFS
Drive D: | 299,96 Gb Total Space | 7,99 Gb Free Space | 2,66% Space Free | Partition Type: NTFS

Computer Name: BOLQU | User Name: Bolqu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-09-01 10:17:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Użytkownik\Downloads\OTL.exe
PRC - [2013-08-18 21:16:02 | 001,651,144 | ---- | M] (AIMP DevTeam) -- C:\Program Files (x86)\AIMP3\AIMP3.exe
PRC - [2013-07-25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-06-28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011-10-06 22:54:02 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011-09-16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010-09-30 20:56:56 | 001,290,240 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2010-09-14 17:17:00 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2013-08-18 21:16:04 | 001,733,120 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2013-08-18 21:16:04 | 000,435,200 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll
MOD - [2013-08-18 21:16:04 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\MACDll.dll
MOD - [2013-08-18 21:16:03 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Sqlite3.dll
MOD - [2013-08-18 21:16:03 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll
MOD - [2013-08-18 21:16:03 | 000,141,768 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2013-08-18 21:16:03 | 000,071,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2013-08-18 21:16:03 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp
MOD - [2013-07-25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
MOD - [2013-07-25 02:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013-07-25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013-07-25 02:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013-07-25 02:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013-07-25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2012-04-30 09:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2012-04-30 09:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012-04-30 09:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012-04-30 09:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012-04-30 09:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011-10-06 22:53:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll
MOD - [2010-09-14 17:21:00 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2010-09-14 17:17:00 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-07-20 22:46:35 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012-12-19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012-12-19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-08-31 17:01:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-06-28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013-02-10 23:23:38 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012-12-20 19:29:54 | 000,541,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-01-18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011-11-04 16:28:42 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011-11-04 16:28:34 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-09-14 17:17:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2010-05-17 18:18:44 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-10 10:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010-03-10 10:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010-03-10 10:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009-10-20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009-09-29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005-11-25 09:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\OpcEnum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-07-28 12:41:29 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-07-28 12:41:29 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-07-20 21:30:40 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-07-20 21:30:40 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-07-20 21:30:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-07-20 21:14:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-01-26 10:02:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-01-25 16:19:00 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013-01-20 20:15:43 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012-12-19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-12-19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-11-08 21:42:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012-11-08 21:42:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012-11-06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-10-29 17:22:08 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012-10-22 20:02:00 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012-10-22 20:02:00 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012-08-28 14:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012-08-27 20:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012-08-27 20:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011-11-03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-03-07 16:25:49 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2011-03-07 16:25:48 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010-12-21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010-12-21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010-12-21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010-09-14 16:21:00 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2010-07-01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010-06-17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001-09-22 10:16:42 | 000,004,016 | ---- | M] (SpecoSoft) [Kernel | On_Demand | Stopped] -- C:\Users\Użytkownik\Desktop\Bardzo wazne dokumenty\Asysten elektronika\Asystent elektronika\zlportio.sys -- (zlportio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Użytkownik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011-10-28 19:58:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-08-31 17:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-10-28 19:58:49 | 000,000,000 | ---D | M]

[2011-10-28 19:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Extensions
[2013-08-23 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions
[2013-07-20 20:00:29 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\ascsurfingprotection@iobit.com
[2012-04-03 14:21:16 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\IplextoALL@ALLPlayer.org
[2011-10-30 12:31:22 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\firefox\profiles\oqoqhlrn.default\extensions\IplextoALL@ALLPlayer.org.xpi
[2012-09-23 18:15:40 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\firefox\profiles\oqoqhlrn.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2013-08-31 17:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-08-31 17:01:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-08-31 17:01:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013-08-31 17:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-08-31 17:01:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\UżYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
File not found (No name found) -- C:\USERS\UżYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
[2008-12-10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010-05-25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\U\u017Cytkownik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Dokumenty Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-02-07 20:37:27 | 000,001,844 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.moviestarplanet.de
O1 - Hosts: 127.0.0.1 moviestarplanet.de
O1 - Hosts: 127.0.0.1 www.moviestarplanet.co.uk
O1 - Hosts: 127.0.0.1 moviestarplanet.co.uk
O1 - Hosts: 127.0.0.1 www.moviestarplanet.fr
O1 - Hosts: 127.0.0.1 moviestarplanet.fr
O1 - Hosts: 127.0.0.1 www.moviestarplanet.nl
O1 - Hosts: 127.0.0.1 moviestarplanet.nl
O1 - Hosts: 127.0.0.1 www.moviestarplanet.se
O1 - Hosts: 127.0.0.1 moviestarplanet.se
O1 - Hosts: 127.0.0.1 www.moviestarplanet.dk
O1 - Hosts: 127.0.0.1 moviestarplanet.dk
O1 - Hosts: 127.0.0.1 www.moviestarplanet.no
O1 - Hosts: 127.0.0.1 moviestarplanet.no
O1 - Hosts: 127.0.0.1 www.moviestarplanet.fi
O1 - Hosts: 127.0.0.1 moviestarplanet.fi
O1 - Hosts: 127.0.0.1 www.moviestarplanet.com.tr
O1 - Hosts: 127.0.0.1 moviestarplanet.com.tr
O1 - Hosts: 127.0.0.1 www.moviestarplanet.ie
O1 - Hosts: 127.0.0.1 moviestarplanet.ie
O1 - Hosts: 127.0.0.1 www.moviestarplanet.com.au
O1 - Hosts: 127.0.0.1 moviestarplanet.com.au
O1 - Hosts: 127.0.0.1 www.moviestarplanet.co.nz
O1 - Hosts: 127.0.0.1 moviestarplanet.co.nz
O1 - Hosts: 127.0.0.1 www.moviestarplanet.ca
O1 - Hosts: 8 more lines...
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RTHDVCPL] c:\program files\realtek\audio\hda\ravcpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145


O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9247C03A-EF62-421C-8608-B808EE5718B1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ffa995c-1c63-11e2-85c0-6c626d3cafa9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ffa995c-1c63-11e2-85c0-6c626d3cafa9}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{5a2de262-0efe-11e1-95a6-6c626d3cafa9}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2de262-0efe-11e1-95a6-6c626d3cafa9}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{8a23d14a-678e-11e2-92ad-6c626d3cafa9}\Shell - "" = AutoRun
O33 - MountPoints2\{8a23d14a-678e-11e2-92ad-6c626d3cafa9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{afa6ad9f-0f86-11e1-8b48-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{afa6ad9f-0f86-11e1-8b48-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-08-31 17:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-08-29 22:51:59 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013-08-24 21:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013-08-23 19:50:37 | 000,000,000 | ---D | C] -- C:\Downloads
[2013-08-23 19:50:36 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\ProgSense
[2013-08-23 19:49:18 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\Orbit
[2013-08-22 18:01:34 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Desktop\pendrajf
[2013-08-22 14:22:58 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2013-08-22 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2013-08-22 14:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2013-08-20 20:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2013-08-20 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Documents\Telltale Games
[2013-08-18 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\VenusHostage
[2013-08-18 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\IrfanView
[2013-08-18 18:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013-08-18 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013-08-18 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Desktop\na tablica pl
[2013-08-16 23:49:13 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-08-16 23:49:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-08-16 23:49:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-08-16 23:49:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-08-16 23:49:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-08-16 23:49:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-08-16 23:49:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-08-16 23:48:31 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-08-16 23:48:31 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-08-16 23:48:31 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-08-16 23:48:31 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-08-16 23:48:31 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-08-16 23:48:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-08-16 23:48:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-08-16 23:48:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-08-16 23:48:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-08-16 23:48:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-08-16 23:48:05 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013-08-16 23:47:23 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013-08-16 23:47:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013-08-16 23:47:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013-08-15 22:42:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Documents\GTA San Andreas User Files
[2013-08-14 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Local\Risen2
[2013-08-14 09:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2013-08-13 20:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-08-06 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Local\NFS Underground 2
[2013-08-06 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013-08-06 20:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-09-01 10:14:35 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-01 10:14:35 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-01 10:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-01 10:07:11 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013-08-30 13:45:15 | 000,025,222 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje5.png
[2013-08-30 13:43:53 | 000,235,710 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje4.png
[2013-08-30 13:43:25 | 000,233,761 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje3.png
[2013-08-30 13:43:10 | 000,236,050 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje2.png
[2013-08-30 13:42:48 | 000,225,711 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje.png
[2013-08-30 13:41:30 | 000,206,549 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy3.png
[2013-08-30 13:41:14 | 000,213,232 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy2.png
[2013-08-30 13:40:48 | 000,232,525 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy.png
[2013-08-30 13:28:17 | 000,106,642 | ---- | M] () -- C:\Users\Użytkownik\Desktop\mysconfig.png
[2013-08-30 13:26:36 | 000,068,342 | ---- | M] () -- C:\Users\Użytkownik\Desktop\dziwne.png
[2013-08-30 11:35:50 | 002,648,702 | ---- | M] () -- C:\Users\Użytkownik\Documents\AutoRuns.arn
[2013-08-30 00:02:14 | 000,007,600 | ---- | M] () -- C:\Users\Użytkownik\AppData\Local\Resmon.ResmonCfg
[2013-08-29 13:05:41 | 000,013,610 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aimp3 — skrót.lnk
[2013-08-26 15:26:27 | 000,001,041 | ---- | M] () -- C:\Users\Użytkownik\Desktop\SaintsRowIV.exe — skrót.lnk
[2013-08-22 18:04:05 | 001,671,304 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-08-22 18:04:05 | 000,741,078 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-08-22 18:04:05 | 000,654,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-08-22 18:04:05 | 000,155,674 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-08-22 18:04:05 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-08-22 14:39:56 | 000,067,351 | ---- | M] () -- C:\Windows\War3Unin.dat
[2013-08-22 14:33:39 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2013-08-22 14:33:39 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2013-08-21 11:36:31 | 000,033,166 | ---- | M] () -- C:\Users\Użytkownik\Desktop\beny.aimppl
[2013-08-20 20:57:54 | 000,001,355 | ---- | M] () -- C:\Users\Użytkownik\Desktop\WalkingDead101.exe — skrót.lnk
[2013-08-17 14:28:02 | 000,000,934 | ---- | M] () -- C:\Users\Użytkownik\Desktop\gta_sa.exe — skrót.lnk
[2013-08-16 23:49:13 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-08-16 23:49:13 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-08-16 23:49:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-08-16 23:49:13 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-08-16 23:49:13 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-08-16 23:49:13 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-08-16 23:49:13 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-08-16 23:48:31 | 005,550,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-08-16 23:48:31 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-08-16 23:48:31 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-08-16 23:48:31 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-08-16 23:48:31 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-08-16 23:48:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-08-16 23:48:30 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-08-16 23:48:30 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-08-16 23:48:30 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-08-16 23:48:30 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-08-16 23:48:05 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013-08-16 23:47:23 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013-08-16 23:47:23 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013-08-16 23:47:23 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013-08-15 10:00:37 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Risen 2 - Dark Waters.lnk
[2013-08-14 15:35:34 | 000,008,236 | ---- | M] () -- C:\Users\Użytkownik\Desktop\tjeeeeaa.aimppl
[2013-08-06 20:46:05 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2013-08-06 19:58:54 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-08-31 12:49:22 | 000,154,119 | ---- | C] () -- C:\Users\Użytkownik\Desktop\Memtest86+ USB Installer.exe
[2013-08-30 13:45:15 | 000,025,222 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje5.png
[2013-08-30 13:43:53 | 000,235,710 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje4.png
[2013-08-30 13:43:24 | 000,233,761 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje3.png
[2013-08-30 13:43:09 | 000,236,050 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje2.png
[2013-08-30 13:42:48 | 000,225,711 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje.png
[2013-08-30 13:41:30 | 000,206,549 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy3.png
[2013-08-30 13:41:14 | 000,213,232 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy2.png
[2013-08-30 13:40:48 | 000,232,525 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy.png
[2013-08-30 13:28:17 | 000,106,642 | ---- | C] () -- C:\Users\Użytkownik\Desktop\mysconfig.png
[2013-08-30 13:26:13 | 000,068,342 | ---- | C] () -- C:\Users\Użytkownik\Desktop\dziwne.png
[2013-08-30 11:35:50 | 002,648,702 | ---- | C] () -- C:\Users\Użytkownik\Documents\AutoRuns.arn
[2013-08-29 13:05:41 | 000,013,610 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aimp3 — skrót.lnk
[2013-08-27 23:41:44 | 000,246,006 | ---- | C] () -- C:\Windows6.1-KB2581464-x64.msu
[2013-08-26 15:26:27 | 000,001,041 | ---- | C] () -- C:\Users\Użytkownik\Desktop\SaintsRowIV.exe — skrót.lnk
[2013-08-22 14:22:58 | 000,067,351 | ---- | C] () -- C:\Windows\War3Unin.dat
[2013-08-22 14:22:58 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2013-08-21 11:36:31 | 000,033,166 | ---- | C] () -- C:\Users\Użytkownik\Desktop\beny.aimppl
[2013-08-20 20:57:54 | 000,001,355 | ---- | C] () -- C:\Users\Użytkownik\Desktop\WalkingDead101.exe — skrót.lnk
[2013-08-17 14:28:02 | 000,000,934 | ---- | C] () -- C:\Users\Użytkownik\Desktop\gta_sa.exe — skrót.lnk
[2013-08-14 15:35:34 | 000,008,236 | ---- | C] () -- C:\Users\Użytkownik\Desktop\tjeeeeaa.aimppl
[2013-08-14 09:22:23 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Risen 2 - Dark Waters.lnk
[2013-08-06 20:46:05 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2013-08-06 19:58:54 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job
[2012-09-28 19:25:03 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2012-08-28 14:44:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-08-28 14:44:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-08-28 14:44:01 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012-08-26 23:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012-08-21 05:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012-08-21 05:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-08-21 05:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012-08-21 05:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012-08-21 05:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012-08-21 05:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012-08-21 05:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012-08-21 05:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012-08-21 05:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012-08-21 05:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012-07-19 20:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012-07-19 20:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012-07-19 20:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012-07-19 20:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012-07-19 20:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012-07-19 20:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012-07-19 20:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-03-15 17:03:05 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI
[2011-12-24 18:35:11 | 001,645,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011-11-04 16:28:36 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-11-04 16:28:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-11-04 16:28:33 | 000,000,315 | ---- | C] () -- C:\Windows\game.ini
[2011-10-28 20:45:40 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011-10-28 19:57:58 | 000,007,600 | ---- | C] () -- C:\Users\Użytkownik\AppData\Local\Resmon.ResmonCfg
[2011-10-28 19:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-09-08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011-09-08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011-09-08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011-09-08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011-09-08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011-09-08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011-09-08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011-09-08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011-09-08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011-09-08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-20 22:11:24 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-20 22:11:24 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011-03-07 16:26:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-08-02 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012-08-02 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013-09-01 10:20:55 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\AIMP3
[2012-03-15 09:56:51 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Ashampoo
[2013-02-08 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013-08-31 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\DAEMON Tools Lite
[2011-10-28 19:59:18 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\ESET
[2012-05-28 16:52:39 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\GetRightToGo
[2012-09-15 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\GoforFiles
[2012-12-31 10:52:13 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\IObit
[2013-08-18 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\IrfanView
[2012-11-02 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\LockHunter
[2013-07-12 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\National Instruments
[2013-02-27 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\OBS
[2013-08-23 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Orbit
[2012-06-30 10:59:23 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\poclbm
[2013-08-23 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\ProgSense
[2011-12-28 19:12:30 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\pymclevel
[2013-02-09 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\SplitMediaLabs
[2013-08-18 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\TS3Client
[2012-10-27 19:59:01 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\TunkDesign
[2012-03-11 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Ubisoft
[2013-08-29 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\uTorrent
[2013-08-18 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\VenusHostage

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1084844 bytes -> C:\Windows\Temp:temp

< End of report >

[/log]

2. RSIT: Extras:
[log]
OTL Extras logfile created on: 2013-09-01 10:19:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Użytkownik\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free
6,50 Gb Paging File | 4,39 Gb Available in Paging File | 67,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,80 Gb Total Space | 32,67 Gb Free Space | 19,70% Space Free | Partition Type: NTFS
Drive D: | 299,96 Gb Total Space | 7,99 Gb Free Space | 2,66% Space Free | Partition Type: NTFS

Computer Name: BOLQU | User Name: Bolqu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F}
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F}

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C49F09C-FAD3-47B5-B199-7A39FEFBE344}" = rport=139 | protocol=6 | dir=out | app=system |
"{4256EE0E-514F-4461-A573-90D0FC2719DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{73AB4780-EB7F-46D4-B0A9-778581EC3F88}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{78B76D38-999F-4FDD-A436-943A41604AA3}" = lport=138 | protocol=17 | dir=in | app=system |
"{84135835-0B23-432B-B512-99B5ED434219}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{891EFEA1-56DA-4002-8D56-4D7907A0CBE3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{93D559A1-A6CD-4D72-8EE8-0350E8A1B011}" = lport=137 | protocol=17 | dir=in | app=system |
"{942A9BD6-4876-453A-B869-9A8174523AC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{A32D4A12-BBCF-4069-BA8D-5753DFA1A047}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3658D79-9C63-41AD-B646-30F112649032}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B1981C44-5DF5-472D-9C66-0AF9C20201BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD4E1D87-6EBA-46A8-9E3E-4A2637F32B10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8FBE2B4-6978-4C70-9833-937B89308578}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD481FE3-DEE3-4A5E-AA10-22DFF978F712}" = rport=137 | protocol=17 | dir=out | app=system |
"{EFF574EF-496B-4F10-B478-F9A7E0B0F02E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3E6C3F4-8417-4D14-9965-F08F6F9DFCA3}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BF0A3-54AF-498F-A9DB-D5A730B0E0F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{05A8B32E-2406-49D0-813E-63F2B6408BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0643DF3F-D61C-4654-A796-A000F9B5A7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{1050918D-AEB9-43E6-9537-F6E2C0A9E20A}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{186E6DBB-3178-4389-8331-A138625B6878}" = protocol=58 | dir=in | app=system |
"{25A65578-3068-488B-A868-4569FDF0F05D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{277F72FD-A10E-4A1A-8468-F36F3C660787}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{2D437BCC-6E80-492D-8094-3915E272764E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2DF6A40C-4467-42C5-B57D-09844C01B742}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutparadise.exe |
"{2E48B62F-AADA-4ED9-B350-D427E5A6C7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{2F51555E-355F-4186-8AFD-9A37720351F9}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{2F53A78D-2EE8-4A77-82AE-6E44359D05DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{33CF06AF-07B7-479C-A437-2173B0F98244}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutconfigtool.exe |
"{3A491367-84C9-497C-BB55-47ED9F33E655}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{44CDF43C-F21E-4B4D-A80E-2A4A1EC6E83F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{47C83245-049C-4434-B875-F9AADE304844}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{4DC2F43A-52B1-4AF8-82CA-C1733149EA21}" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{4E7B2535-351A-4D49-B563-CD3242983E77}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{51C0782A-8185-46AE-9701-5C0B6D5A1FD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5FDC2A91-29CE-48BB-92C4-1BCBCFFCA62B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5FF5AE72-7AC5-434B-95F5-409F47D4E33D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6553C54E-3FA0-425D-9D5A-0F63EB97AB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{67D0173B-46EE-4600-9069-20610D062424}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutparadise.exe |
"{6DA06986-217F-4B15-A11E-F0232342C05F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{774C0B70-2DFD-4D1F-80F8-1941FC8D609A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{77A84EB5-F24C-45DD-90D2-9336468AAD21}" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{7D898340-9679-4CAF-9AA1-7A15E89C0B78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E14CD16-CD6C-4161-A0DF-436AC57183BB}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutlauncher.exe |
"{7F05A08B-FD90-40C5-866C-14DC8E7B02EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{80808F0E-3EF1-4F77-A4A0-18D842DD85BE}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{81E4FC37-45CF-4882-9310-C07AC4A88DD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cgk_bolqu\half-life\hl.exe |
"{8443636E-9C39-4F09-852B-4720A874C2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{85588263-4A1B-4028-952B-2ED4C175D446}" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{89D2297F-F697-441D-88DC-6BE1E32B3972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{8A39EA4C-843F-4AB6-B97B-1DE4749DA439}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{8AD09296-3D55-4BC3-982E-D324DC743B7F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{8E5A4FB9-B44C-46E1-AC25-03A801C79B85}" = protocol=17 | dir=in | app=d:\gry\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{900DA5BD-3DD3-482F-BC1C-1F4D348CFF97}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{92E0ED2D-A162-4855-8CAF-F55632A73386}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{96256C29-EF7D-4FDC-A31B-B9473AB70961}" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9CAFE0B7-A7A4-42EF-9572-2B0E42E00EAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A1ADCE1D-DAB3-4118-93A8-945495559826}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{A85B13D4-548A-4FE4-A3B2-7EDCC4046596}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ADC447C9-F0AC-489E-AC28-4568278BABEA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{AF864CEF-8A49-4C53-82C4-4429E9DF6AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{B82F6F50-5183-4974-A903-71780FBEBE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{B9E1EAA9-B38C-4A4D-A5C9-4475E87CDCD2}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{BCDCEAC1-9252-42FD-9570-1BAAD96CE09E}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutconfigtool.exe |
"{C14FC170-6A1A-44B5-B1BD-B7877D787C01}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{CC000888-A3F8-45D3-B1E0-18F126C3AC4C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{D4916125-C4E8-4698-A428-B5799063A717}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D5981B2E-B308-4AA5-9828-38D6975C62EE}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{D7D325A2-7AA6-4E5E-B213-FC585578D567}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{E1B967C9-AFB5-41F7-927D-2E0B226FF7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe |
"{E2C409D8-BB16-418C-88FE-D9D4E5316707}" = protocol=6 | dir=in | app=d:\gry\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E2ED8044-9300-4B72-835C-21C2BC0CBBA1}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{E5634597-51C0-4C72-84BE-4606C3FBA65E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E726BC7B-2799-44CE-B68E-2043BB458138}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutlauncher.exe |
"{E823004D-FC15-4FF0-8FBC-6BCEC5407EA3}" = protocol=17 | dir=in | app=d:\gry\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F1CE5058-5451-4BAE-A3F3-820877A8D028}" = protocol=6 | dir=in | app=d:\gry\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F8A38495-EAA3-4021-B23D-66CB6904B5C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cgk_bolqu\half-life\hl.exe |
"{FACECDA8-A156-4A73-928D-A7763CD079CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FC352E3B-E0DC-46A5-BF66-EFAF758155F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{030B2B5A-6581-404E-AB7D-CD9DEF15A98B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{1638F053-8301-4EEF-8A03-0819D5E9D589}C:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe |
"TCP Query User{2143DD40-805F-49CA-852C-DEBD194DE8FF}D:\gry\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\gry\saints row iv\saintsrowiv.exe |
"TCP Query User{2E17B1EA-C777-4E5B-A489-A5049E4FD772}D:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe |
"TCP Query User{3EC0291D-A3F3-41F0-8466-5D47687C1B83}D:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe |
"TCP Query User{45BE3F09-3F73-443A-A813-E2B76CEAF3DE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{6016DB5F-74ED-4D7D-9F0C-0C30D8AEA5EA}D:\gry\electronic arts\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed the run\need for speed the run.exe |
"TCP Query User{65ADAC9B-14FB-4294-ACFF-58CD70DCA7EA}D:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe |
"TCP Query User{662FAFCB-973B-4A6B-844C-950BCCBD45FB}D:\gry\call of duty black ops [revops] eng\blackopsmp.dat" = protocol=6 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackopsmp.dat |
"TCP Query User{6F05B35D-58AD-44D6-8B22-E5B0D4660C7A}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{7445398E-4D25-471D-8E84-7C5FBF25EFA6}D:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{7F6A459F-6DE7-43AA-9D6B-A98DB2256DE8}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{8A93DD36-28BE-4272-BD6E-192AC1FC772B}D:\gry\call of duty black ops [revops] eng\blackops.dat" = protocol=6 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackops.dat |
"TCP Query User{8C28F26E-B651-4755-B41C-8A65B8BAE9BA}D:\gry\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{931B55CE-60EA-45DE-ACFD-5EF9E5836A18}D:\gry\mw 3\iw5m.dat" = protocol=6 | dir=in | app=d:\gry\mw 3\iw5m.dat |
"TCP Query User{A2C853CB-3B39-472D-AC38-429A1E4BFCE1}D:\gry\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\gry\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{C95080C7-D26B-457A-92B2-EF67A826F9AC}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{0C3F9C1E-C262-40A8-9F44-1832037F0907}D:\gry\call of duty black ops [revops] eng\blackops.dat" = protocol=17 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackops.dat |
"UDP Query User{2B3083B1-2F42-4D79-9BCA-EDC9D7403793}D:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{2BADCC65-7FE9-4493-93A2-6B1AFB066AEB}D:\gry\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{362F5E99-0043-4707-942F-EE9A43028C61}D:\gry\call of duty black ops [revops] eng\blackopsmp.dat" = protocol=17 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackopsmp.dat |
"UDP Query User{4160952F-90C4-46A2-8A6D-0D5E56A6DB04}D:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe |
"UDP Query User{52F2A835-5338-4E36-AE54-EABF67601D2D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7899CA19-769C-4E66-8AF1-7930039E07E0}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{82CD7E5B-B4F7-471A-9157-FB36F6A7F5C7}D:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe |
"UDP Query User{84E91FF6-6029-4049-9C40-8B4945CCFDA5}D:\gry\electronic arts\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed the run\need for speed the run.exe |
"UDP Query User{8B88443A-73C9-48E8-9381-B90C09BA756B}C:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe |
"UDP Query User{A6A4908B-45E5-4750-8CE2-DB36132AC7E3}D:\gry\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\gry\saints row iv\saintsrowiv.exe |
"UDP Query User{B889CAED-6621-4B51-97CC-0E544E0F7137}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{BD13B4A9-65EB-49AB-B792-87E7726174F8}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{C12A21C1-8C77-4CD5-A3EB-72E9FFE3ABFD}D:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe |
"UDP Query User{CFB826A6-6D85-427A-B4C5-C0454F702735}D:\gry\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\gry\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{E321087D-D7B0-478F-B916-0155F306E96F}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{E98669AF-B87C-410D-AD6E-4DD8F396FC86}D:\gry\mw 3\iw5m.dat" = protocol=17 | dir=in | app=d:\gry\mw 3\iw5m.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1F266B69-F56D-7CD8-D90B-C47F2051A95A}" = AMD Fuel
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{33B49B5C-2D04-4B8F-BA1F-D22EB8A627B0}" = ESET Smart Security
"{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs
"{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding
"{3DD68F17-2C5D-49AC-9280-13C90FE19B71}" = NI Logos64 5.1.3
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B092C4EE-F80B-48DD-B57D-C42B66543BE0}" = NI VC2005MSMs x64
"{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders
"{C342A5D7-9D75-4D37-879A-BAA68D168670}" = NI Logos64 XT Support
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding
"{E63A64BC-6458-432B-A5FA-A61BFD34EA6E}" = NI TDMS (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0297078F-D4C8-4774-B7A3-6BBF2C164C76}_is1" = Dirt 2 Spolszczenie by O22y
"{02B6E651-686D-4BCD-8A93-C07B01761745}" = NI Logos 5.1.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English
"{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = AMD VISION Engine Control Center
"{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish
"{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish
"{24570B2F-3937-47F0-A16A-E82B480A7699}" = XSplit
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3AD22980-7E0B-11D6-9C4B-0001020AA251}" = GTA3 PL
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese
"{604D1BD4-7EE3-4704-8D53-0675FA94AE57}" = NI MDF Support
"{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common
"{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{65246CE4-17F2-4896-8828-696086BED5F6}" = NI TDMS
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.1 Core
"{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7CD0F3A4-AA2F-4F6E-84F4-BFC2905D4BA3}" = NI EULA Depot
"{7D0575F4-A8BD-4B4D-9244-542E9EE54FED}" = OPC Core Components 2.00 Redistributable
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0.1 Pro
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja
"{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
"{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All
"{A483F88A-41E9-45B2-AAC9-A823DD9B4873}" = PS TO PC CONVERTER
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German
"{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek
"{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian
"{B226F936-42E3-402E-8CF8-C1D92F255A17}" = NI Uninstaller
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish
"{BE95841B-D741-4B72-B79B-1EC61240F10E}" = NI Service Locator
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0FF3C38-FC96-4575-8A7B-89DDA3F9C79D}" = NI Update Service
"{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CFF55EAB-5A2F-4A95-99D4-EF3E585F03FD}" = NI Logos XT Support
"{D265C4DB-8F68-4264-BA9C-BCEFF134A8B8}" = NI Circuit Design Suite 11.0.1 Pro Licenses
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F11F2CA2-F45F-4CC2-8962-28A0F5DC625A}" = NI Update Service Full
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish
"{F9A9C54B-1438-4553-B27C-4A4BBC69920A}" = Amnesia: Mroczny Obłęd
"{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AIMP3" = AIMP3
"ALLPlayer_is1" = ALLPlayer V5.X
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r" = Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Codecs for Windows 7 Pack" = Codecs for Windows 7 Pack 4.0.5
"Colin McRae. DiRT 2_is1" = Colin McRae. DiRT 2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dead Island Riptide_is1" = Dead Island Riptide
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 pl)" = Mozilla Firefox 23.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nfsClock14 New Free Screensaver_is1" = NewFreeScreensaver nfsBalls02
"nfsRadar New Free Screensaver_is1" = NewFreeScreensaver nfsRadar
"NI Uninstaller" = National Instruments Software
"OpenAL" = OpenAL
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Risen 2 - Dark Waters_is1" = Risen 2 - Dark Waters
"RocketDock_is1" = RocketDock 1.3.5
"Saints Row The Third_is1" = Saints Row The Third
"Sniper Elite: Nazi Zombie Army_is1" = Sniper Elite: Nazi Zombie Army
"Steam App 10" = Counter-Strike
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"WinRAR archiver" = Archiwizator WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: wszystkie elementy

========== Last 20 Event Log Errors ==========

[ ACEEventLog Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.

< End of report >

[/log]

INFO: [log]info.txt logfile of random's system information tool 1.09 2013-09-01 10:30:35

======Uninstall list======

-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -maintain plugin
Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Reader XI (11.0.03)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
Adobe Shockwave Player 12.0-->"C:\Windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
Advanced SystemCare 6-->"C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"
AIMP3-->C:\Program Files (x86)\AIMP3\Uninstall.exe
ALLPlayer V5.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe"
Amnesia - The Dark Descent -->"D:\Gry\Frictional Games\Amnesia - Mroczny Obled\unins000.exe"
Amnesia: Mroczny Obłęd-->"C:\Program Files (x86)\InstallShield Installation Information\{F9A9C54B-1438-4553-B27C-4A4BBC69920A}\setup.exe" -runfromtemp -l0x0415 -removeonly
Archiwizator WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Ashampoo Burning Studio Elements 10.0.9-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio Elements\unins000.exe"
Assassin's Creed-->C:\Program Files (x86)\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0015 -removeonly
ASUS Smart Doctor-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{809D7E6D-915D-4EAD-821F-E13D93F37161} /l1033
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
bl-->MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r-->D:\Gry\Call of Duty Black Ops [RevOps] Eng\Uninstall.exe
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0415
Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}
Colin McRae. DiRT 2-->"C:\Users\Użytkownik\AppData\Local\R.G. Mechanics\Colin McRae. DiRT 2\Uninstall\unins000.exe"

DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dead Island Riptide-->"D:\Gry\Dead Island Riptide\Uninstall\unins000.exe"
Dirt 2 Spolszczenie by O22y-->"D:\Gry\R.G. Mechanics\Colin McRae. DiRT 2\unins000.exe"
Driver Genius Professional Edition-->"C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe"
Dziobas Rar Player 0.009.52-->"C:\Program Files (x86)\Dziobas Rar Player\unins000.exe"
Euro Truck Simulator 2-->"D:\Gry\Euro Truck Simulator 2\unins000.exe"
Fallout 3-->"C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -runfromtemp -l0x0015 -removeonly
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Frontlines: Fuel of War-->"C:\Program Files (x86)\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x0015 -removeonly
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000B8301}
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8302}
Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8303}
GTA3 PL-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3AD22980-7E0B-11D6-9C4B-0001020AA251}\Setup.exe" -l0x9
GTAIII-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x15
Heroes of Might and Magic III - Złota Edycja-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8B743AA0-53B2-11D2-808A-00600895FB43}\setup.exe" -l0x15
HI-TECH C51-lite V9.60PL0-->"C:\Program Files (x86)\HI-TECH Software\HC51\lite\9.60\resources\setup.exe"
HI-TECH PICC lite V9.60PL0-->"C:\Program Files (x86)\HI-TECH Software\PICC\lite\9.60\resources\setup.exe"
HydraVision-->MsiExec.exe /X{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java 7 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217013FF}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {0ACC2993-2058-4BE7-9A92-9DCDAA9B3412} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}
Łatka polonizacyjna GTA IV v1.0-->"D:\Gry\Rockstar Games\Grand Theft Auto IV\Spolszczenie\Deinstalator.exe"
Mafia II-->"D:\Gry\Mafia II\unins000.exe"
Malwarebytes Anti-Malware wersja 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox 23.0.1 (x86 pl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MPC-HC 1.6.4.6052-->"C:\Program Files (x86)\MPC-HC\unins000.exe"
National Instruments Software-->"C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\uninst.exe"
Need for Speed Underground 2-->D:\Gry\Electronic Arts\Need for Speed Underground 2\EAUninstall.exe
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Need for Speed™ Most Wanted-->D:\Gry\Electronic Arts\Need for Speed Most Wanted\EAUninstall.exe
NewFreeScreensaver nfsBalls02-->"C:\Program Files (x86)\NewFreeScreensavers\nfsClock14\unins000.exe"
NewFreeScreensaver nfsRadar-->"C:\Program Files (x86)\NewFreeScreensavers\nfsRadar\unins000.exe"
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OPC Core Components 2.00 Redistributable-->MsiExec.exe /I{7D0575F4-A8BD-4B4D-9244-542E9EE54FED}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
ph-->MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}
PS TO PC CONVERTER-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}\setup.exe" -l0x9
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0415 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Risen 2 - Dark Waters-->"D:\Gry\Deep Silver\Risen 2 - Dark Waters\unins000.exe"
Risen-->"C:\Program Files (x86)\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0015 -removeonly
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Saints Row The Third-->"D:\Gry\Saints Row The Third\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended
SHIFT 2 UNLEASHED™-->MsiExec.exe /X{E8C37E27-5205-4C8A-BECB-B00533045AAE}
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Sniper Elite: Nazi Zombie Army-->"D:\Gry\Sniper Elite Nazi Zombie Army\unins000.exe"
Sony Ericsson Update Engine-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
Sony PC Companion 2.10.108-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0409 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0015 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Extended
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
XSplit-->MsiExec.exe /X{24570B2F-3937-47F0-A16A-E82B480A7699}

======Hosts File======

127.0.0.1 www.moviestarplanet.de
127.0.0.1 moviestarplanet.de
127.0.0.1 www.moviestarplanet.co.uk
127.0.0.1 moviestarplanet.co.uk
127.0.0.1 www.moviestarplanet.fr
127.0.0.1 moviestarplanet.fr
127.0.0.1 www.moviestarplanet.nl
127.0.0.1 moviestarplanet.nl
127.0.0.1 www.moviestarplanet.se
127.0.0.1 moviestarplanet.se

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0403
"RGSCLauncher"=D:\Gry\Rockstar Games\Rockstar Games Social Club
"RGSC"=D:\Gry\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES

-----------------EOF-----------------

[/log]

log: [log]Logfile of random's system information tool 1.09 (written by random/random)
Run by Bolqu at 2013-09-01 10:29:57
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 33 GB (20%) free of 170 GB
Total RAM: 3327 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:34, on 2013-09-01
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Użytkownik\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Bolqu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SysWOW64\OpcEnum.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7558 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Go for FilesUpdate.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job
C:\Windows\tasks\SymInstallStub.job
C:\Windows\tasks\YourFile Update.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default

prefs.js - "browser.startup.homepage" - "www.google.pl"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nplv86win32.dll
nplv90win32.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\
ascsurfingprotection@iobit.com
IplextoALL@ALLPlayer.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-07 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-07 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2011-03-07 1475584]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2011-10-06 393216]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.vorbis"=vorbis.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.lags"=lagarith.dll
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-01 10:29:59 ----D---- C:\Program Files (x86)\trend micro
2013-09-01 10:29:57 ----D---- C:\rsit
2013-08-31 17:01:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-08-24 21:19:33 ----D---- C:\ProgramData\Steam
2013-08-23 19:50:37 ----D---- C:\Downloads
2013-08-23 19:50:36 ----D---- C:\Users\Użytkownik\AppData\Roaming\ProgSense
2013-08-23 19:49:18 ----D---- C:\Users\Użytkownik\AppData\Roaming\Orbit
2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.pif
2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.exe
2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.dat
2013-08-20 20:53:44 ----D---- C:\ProgramData\REVOLT
2013-08-18 23:49:39 ----D---- C:\Users\Użytkownik\AppData\Roaming\VenusHostage
2013-08-18 18:48:14 ----D---- C:\Users\Użytkownik\AppData\Roaming\IrfanView
2013-08-18 18:48:13 ----D---- C:\Program Files (x86)\IrfanView
2013-08-16 23:49:41 ----A---- C:\Windows\SysWOW64\tzres.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\url.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-08-16 23:49:12 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-08-16 23:49:12 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-08-16 23:48:31 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 23:48:31 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\wow32.dll
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\user.exe
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\setup16.exe
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\ntdll.dll
2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\instnm.exe
2013-08-16 23:48:05 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\wintrust.dll
2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\crypt32.dll
2013-08-13 20:44:18 ----D---- C:\Program Files (x86)\Rockstar Games

======List of files/folders modified in the last 1 month======

2013-09-01 10:30:30 ----AD---- C:\Windows\Temp
2013-09-01 10:29:59 ----RD---- C:\Program Files (x86)
2013-09-01 10:20:55 ----D---- C:\Users\Użytkownik\AppData\Roaming\AIMP3
2013-09-01 10:10:46 ----D---- C:\Users\Użytkownik\AppData\Roaming\Skype
2013-08-31 21:33:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-31 12:38:01 ----D---- C:\Users\Użytkownik\AppData\Roaming\DAEMON Tools Lite
2013-08-30 15:06:27 ----SHD---- C:\System Volume Information
2013-08-30 14:59:00 ----D---- C:\Download
2013-08-30 14:26:17 ----D---- C:\Windows
2013-08-30 14:23:34 ----D---- C:\Program Files (x86)\BrowseToSave
2013-08-30 00:07:37 ----D---- C:\Windows\inf
2013-08-29 23:53:25 ----SHD---- C:\Boot
2013-08-29 23:13:02 ----D---- C:\Users\Użytkownik\AppData\Roaming\uTorrent
2013-08-29 23:13:01 ----D---- C:\Windows\SoftwareDistribution
2013-08-29 22:51:59 ----D---- C:\Windows\Tasks
2013-08-28 12:52:53 ----D---- C:\Windows\winsxs
2013-08-27 16:25:39 ----D---- C:\Windows\debug
2013-08-27 15:24:45 ----D---- C:\Windows\Panther
2013-08-27 15:24:45 ----D---- C:\Program Files (x86)\Steam
2013-08-26 16:35:32 ----D---- C:\Windows\SysWOW64\pl-PL
2013-08-26 16:35:32 ----D---- C:\Windows\SysWOW64
2013-08-26 16:35:32 ----D---- C:\Windows\System32
2013-08-26 16:35:32 ----D---- C:\Windows\PolicyDefinitions
2013-08-26 16:35:32 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-26 16:35:31 ----RD---- C:\Program Files
2013-08-24 21:19:33 ----HD---- C:\ProgramData
2013-08-22 13:42:01 ----D---- C:\Program Files (x86)\Damian Pasternak
2013-08-20 18:16:28 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 23:37:38 ----A---- C:\m.txt
2013-08-18 22:02:10 ----D---- C:\Users\Użytkownik\AppData\Roaming\TS3Client
2013-08-18 21:16:05 ----D---- C:\Program Files (x86)\AIMP3
2013-08-17 00:55:51 ----D---- C:\Windows\SysWOW64\migration
2013-08-17 00:55:51 ----D---- C:\Windows\AppPatch
2013-08-16 23:12:34 ----D---- C:\Windows\Prefetch
2013-08-06 20:00:26 ----D---- C:\Program Files (x86)\Google
2013-08-06 19:58:59 ----SHD---- C:\Windows\Installer
2013-08-05 23:21:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S3 ALSysIO;ALSysIO; C:\Windows\SysWOW64\drivers\ALSysIO.sys []
S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys []
S3 EagleX64;EagleX64; C:\Windows\SysWOW64\drivers\EagleX64.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys []
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\DRIVERS\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\SysWOW64\drivers\WinRing0_1_2_0.sys []
S3 WinUsb;Sony so0101 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2010-09-14 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe [2009-03-20 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpcEnum;OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [2005-11-25 98304]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-02-10 49152]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 116648]
S4 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 116648]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2009-09-29 695136]
S4 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2010-03-10 43056]
S4 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2010-03-10 53808]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-31 117656]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2010-03-10 358448]
S4 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-05-17 1007616]
S4 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2009-10-20 13896]
S4 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-11-04 66872]
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2011-11-04 103736]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-12-20 541760]

-----------------EOF-----------------

[/log]

3. DDS: DDS
[log]
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.13.2
Run by Bolqu at 10:33:05 on 2013-09-01
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3327.1519 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Użytkownik\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: Interfaces\{9247C03A-EF62-421C-8608-B808EE5718B1} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [RTHDVCPL] c:\program files\realtek\audio\hda\ravcpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default\
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-8 56208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-9 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-12-21 50624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-28 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-9 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-26 283200]
R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-8-22 23680]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-20 769168]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-11-23 58536]
S1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2013-1-20 16384]
S2 .EsetTrialReset;Eset Trial Reset;C:\Windows\reset.exe [2009-3-13 357182]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-3-7 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-10-22 14448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-20 19456]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-20 30208]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
S3 zlportio;zlportio;C:\Users\Użytkownik\Desktop\Bardzo wazne dokumenty\Asysten elektronika\Asystent elektronika\zlportio.sys [2013-1-23 4016]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-7-20 574272]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-10 49152]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S4 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-10-22 155320]
.
=============== Created Last 30 ================
.
2013-09-01 08:33:05 -------- d-----w- C:\Users\Użytkownik\AppData\Local\Microsoft
2013-09-01 08:29:59 -------- d-----w- C:\Program Files (x86)\trend micro
2013-08-24 19:19:33 -------- d-----w- C:\ProgramData\Steam
2013-08-23 17:50:37 -------- d-----w- C:\Downloads
2013-08-23 17:50:36 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\ProgSense
2013-08-23 17:49:18 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\Orbit
2013-08-22 12:22:58 2829 ----a-w- C:\Windows\War3Unin.pif
2013-08-22 12:22:58 139264 ----a-w- C:\Windows\War3Unin.exe
2013-08-20 18:53:44 -------- d-----w- C:\ProgramData\REVOLT
2013-08-18 21:49:39 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\VenusHostage
2013-08-18 16:48:14 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\IrfanView
2013-08-18 16:48:13 -------- d-----w- C:\Program Files (x86)\IrfanView
2013-08-16 21:48:31 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-16 21:48:31 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-16 21:48:31 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-16 21:48:31 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-16 21:48:31 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-16 21:48:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-16 21:48:30 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-16 21:48:30 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-16 21:48:30 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-16 21:48:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-16 21:48:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-16 21:48:05 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-16 21:48:05 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-16 21:47:56 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-16 21:47:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-16 21:47:23 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-16 21:47:23 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-16 21:47:23 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-16 21:47:23 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-16 21:47:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-16 21:47:23 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-16 21:47:23 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-16 21:47:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-13 18:44:18 -------- d-----w- C:\Program Files (x86)\Rockstar Games
.
==================== Find3M ====================
.
2013-08-16 21:49:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-16 21:49:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-16 21:49:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-16 21:49:13 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-16 21:49:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-16 21:49:13 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-08-16 21:48:30 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-28 10:41:48 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2013-07-28 10:41:48 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2013-07-28 10:41:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-07-28 10:41:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-07-28 10:41:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-07-28 10:41:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-07-28 10:41:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-07-28 10:41:29 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-07-28 10:41:29 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-07-28 10:41:29 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-07-28 10:41:29 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-07-28 10:41:29 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-07-28 10:39:52 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-07-28 10:39:52 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-07-28 10:39:52 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-07-28 10:39:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-07-28 10:39:52 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-07-28 10:39:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-07-28 10:39:52 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-07-20 20:45:30 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-20 20:43:17 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-20 20:43:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-20 20:36:12 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-20 20:36:12 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 20:35:19 1545728 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-20 20:35:19 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-20 20:21:48 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-07-20 20:20:57 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-07-20 20:20:57 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-07-20 20:20:06 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-07-20 20:20:06 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-07-20 20:18:19 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-07-20 20:18:19 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-07-20 20:18:19 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-07-20 20:18:19 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-07-20 20:17:19 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-20 20:17:19 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-07-20 20:17:19 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-07-20 20:11:24 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-07-20 20:11:24 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-07-20 20:11:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-07-20 20:11:24 111448 ----a-w- C:\Windows\System32\consent.exe
2013-07-20 20:10:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-07-20 20:10:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-07-20 20:09:49 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-07-20 20:09:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-07-20 20:09:48 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-07-20 20:09:48 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-07-20 20:09:48 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-07-20 20:09:48 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-07-20 20:09:07 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-07-20 20:07:17 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-07-20 20:07:17 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-07-20 20:07:17 112640 ----a-w- C:\Windows\System32\smss.exe
2013-07-20 20:06:30 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-07-20 20:05:51 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2013-07-20 20:05:00 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-07-20 20:01:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-07-20 19:58:49 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-07-20 19:58:07 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-07-20 19:58:07 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-07-20 19:51:02 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-07-20 19:51:02 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-07-20 19:45:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-07-20 19:45:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-07-20 19:45:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-07-20 19:45:28 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-07-20 19:45:28 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-07-20 19:45:28 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-07-20 19:44:46 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-07-20 19:44:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-07-20 19:44:46 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-07-20 19:44:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-07-20 19:44:46 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-07-20 19:44:46 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-07-20 19:41:41 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-07-20 19:41:41 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-07-20 19:41:08 609792 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-20 19:41:08 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-20 19:40:35 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-07-20 19:40:35 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-07-20 19:40:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-07-20 19:40:01 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-07-20 19:40:01 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-07-20 19:40:01 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-07-20 19:40:01 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-07-20 19:40:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-07-20 19:40:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-07-20 19:39:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-07-20 19:39:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-07-20 19:39:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-07-20 19:32:06 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-07-20 19:32:06 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
.
============= FINISH: 10:33:24,38 ===============

[/log]

Attach: [log].
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-10-28 19:10:38
System Uptime: 2013-09-01 10:06:52 (0 hours ago)
.
Motherboard: MSI | | 870A-G46 (MS-7599)
Processor: AMD Phenom(tm) II X4 965 Processor | CPU1 | 2176/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 166 GiB total, 32,659 GiB free.
D: is FIXED (NTFS) - 300 GiB total, 7,993 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Advanced SystemCare 6
AIMP3
ALLPlayer V5.X
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Amnesia - The Dark Descent
Amnesia: Mroczny Obłęd
Archiwizator WinRAR
Ashampoo Burning Studio Elements 10.0.9
Assassin's Creed
ASUS Smart Doctor
ASUS VGA Driver
µTorrent
Battlefield: Bad Company™ 2
bl
Burnout(TM) Paradise The Ultimate Box
Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r
Call of Duty(R) - World at War(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Codecs for Windows 7 Pack 4.0.5
Colin McRae. DiRT 2
Counter-Strike
CPUID HWMonitor 1.21
DAEMON Tools Lite
Dead Island Riptide
Defraggler
Dirt 2 Spolszczenie by O22y
Driver Genius Professional Edition
Dziobas Rar Player 0.009.52
ESET Smart Security
Euro Truck Simulator 2
Fallout 3
Fraps (remove only)
Frontlines: Fuel of War
Google Chrome
Google Update Helper
Grand Theft Auto IV
GTA3 PL
GTAIII
Heroes of Might and Magic III - Złota Edycja
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
HydraVision
IrfanView (remove only)
Java 7 Update 13
Java Auto Updater
LogMeIn Hamachi
Mafia II
Malwarebytes Anti-Malware wersja 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared 64-bit MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 23.0.1 (x86 pl)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052
National Instruments Software
Need for Speed Underground 2
Need for Speed(TM) Hot Pursuit
Need for Speed™ Most Wanted
NewFreeScreensaver nfsBalls02
NewFreeScreensaver nfsRadar
NI Circuit Design Suite 11.0.1 Core
NI Circuit Design Suite 11.0.1 Pro
NI Circuit Design Suite 11.0.1 Pro Licenses
NI EULA Depot
NI Example Finder 9.0
NI Help Assistant
NI Help Assistant (64bit)
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0.1 Run-Time Engine
NI License Manager
NI Logos 5.1.3
NI Logos XT Support
NI Logos64 5.1.3
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MDF Support
NI MetaSuite Installer
NI Service Locator
NI TDMS
NI TDMS (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service
NI Update Service Full
NI USI 1.7.0
NI USI 1.7.0 64-Bit
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NVIDIA PhysX
OPC Core Components 2.00 Redistributable
OpenAL
ph
PS TO PC CONVERTER
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Risen
Risen 2 - Dark Waters
RocketDock 1.3.5
Rockstar Games Social Club
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SHIFT 2 UNLEASHED™
Skype Click to Call
Skype™ 6.3
Sniper Elite: Nazi Zombie Army
Sony Ericsson Update Engine
Sony PC Companion 2.10.108
Steam
swMSM
TeamSpeak 3 Client
The Sims™ 3
Łatka polonizacyjna GTA IV v1.0
Unity Web Player
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Utility
Warcraft III
Warcraft III: wszystkie elementy
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
XSplit
.
==== End Of File ===========================

[/log]

4. GMER: [log]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-01 10:41:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500413AS rev.JC4B 465,76GB
Running: qv8imor7.exe; Driver: C:\Users\UYTKOW~1\AppData\Local\Temp\kxtdqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033b6000 63 bytes [00, 00, 17, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610 fffff800033b6042 4 bytes [00, 00, 00, 00]
.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88007228d64 12 bytes {MOV RAX, 0xfffffa8003dc92a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766187b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[1124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[1124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\AIMP3\AIMP3.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\AIMP3\AIMP3.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xc5a228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xc5a268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xc5a1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xc5a128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xc5a328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xc5a368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xc5a2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xc5a2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xc5a068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xc5a0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xc5a028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xc5a1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xc5a168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xc5a0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x6b7a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x6b7a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x6b79a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x6b7928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x6b7b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x6b7b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x6b7ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x6b7aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x6b7868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x6b78a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x6b7828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x6b79e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x6b7968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x6b78e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x63be28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x63be68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x63bda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x63bd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x63bf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x63bf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x63bee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x63bea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x63bc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x63bca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x63bc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x63bde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x63bd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x63bce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x5bf628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x5bf668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x5bf5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x5bf528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x5bf728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x5bf768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x5bf6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x5bf6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x5bf468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x5bf4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x5bf428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x5bf5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x5bf568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x5bf4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xe38228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xe38268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xe381a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xe38128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xe38328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xe38368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xe382e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xe382a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xe38068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xe380a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xe38028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xe381e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xe38168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xe380e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xf8aa28; JMP RDX}
[/log]


What should I do?

Natsuki Kuga
comment

I removed IE from the system

By the way, IE should not be uninstalled from the system, because it is an integral component of it, and various odd messages/problems can show up afterwards.

SRV:64bit: - [2013-07-20 22:46:35 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

Did you disable the Windows Defender service yourself, or did it stop on its own?

1. In OTL, paste the following into the Custom Scans/Fixes (Własne opcje skanowania/Skrypt) box:


:OTL
File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

Click Run Fix (Wykonaj skrypt) and post the report.

2. Take a look at the Add/Remove Programs applet. Do you know or use applications named: ph, bl?

Bolqu
comment

1. I didn't remove IE, I only unchecked it in "Turn Windows features on or off".

2. I unchecked Defender myself because I don't know what I need it for :D
3. REPORT

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 09022013_215033
4. In the Add/Remove Programs applet I didn't notice any such application "pf,bl" (I don't know what that is supposed to be or what it means ^^).
