Bolqu utworzono 30 sierpnia 2013 utworzono 30 sierpnia 2013 (edytowane) Witam! Mam komputer z win7 professional już 2lata. Po pierwszym roku nie zauważyłem żadnego spowolnienia. Ostatnimi czasy komputer włącza się ponad minutę. Z tego co zauważyłem **Panel sterowania\Wszystkie elementy Panelu sterowania\Informacje wydajności i narzędzia\Narzędzia zaawansowane** Wyskoczył mi taki komunikat: 1. http://imageshack.us/f/819/kwgd.png/ Żadnego z tych programów/aplikacji nie mam na PC. Nie wiem jak to usunąć. Wkurza mnie czekanie aż komputer zaskoczy. Jak łączą się te kwadraty we flagę windowsa to trwa to ponad 18sekund + kilka sekund ekran Zapraszamy. 2.+usługi w msconfigu : http://imageshack.us/f/703/vjgu.png/ 3.zainstalowane programy : http://imageshack.us/g/1/10297930/ 4. zainstalowane aktualizacje (AdvancedSystemCare je zainstalował ...) : http://imageshack.us/g/1/10297932/ Zbędne programy zostały odinstalowane, zbędne usługi wyłączone, a w autostarcie mam tylko kilka programów. Wywaliłem z systemu IE, gry oraz wszystkie funkcje multimedialne. Dysk defregmentuję co tydzień. System czyszczę ASC6 i Ccleanerem. Z góry dzięki za pomoc, Pozdrawiam :D ps. Mój komputer to: Procek: AMD Phenom II 965 Grafa: Asus Radeon 6850 1gb Płyta główna: MSI 870A-G46 ram 4gb
VAq komentarz 30 sierpnia 2013 komentarz 30 sierpnia 2013 W msconfig ustaw uruchamianie z maksymalna ilością procesorów i pamięcią RAM. Jaki masz system? 32 czy 64?Wysłane z mojego HTC One S za pomocą Tapatalk 2
Bolqu komentarz 31 sierpnia 2013 Autor komentarz 31 sierpnia 2013 (edytowane) Msconfig>rozruch>zaawansowane>liczba procesorów 4, maksymalną pamięć mam zaznaczyć i wpisać 4gb(4096). Ciekawe czy coś pomoże. ps. Nic nie pomogło :(
VAq komentarz 31 sierpnia 2013 komentarz 31 sierpnia 2013 Wyczyść rejestr CCleanerem. Miałem taki problem już i pomogło przywrócenie domyślnych ustawień BIOSu. Polecam jeszcze sprawdzić pamięć ram pod względem prawidłowo działania, np programem Memtest. Wysłane z mojego HTC One S za pomocą Tapatalk 2
Natsuki Kuga komentarz 31 sierpnia 2013 komentarz 31 sierpnia 2013 Zapoznaj się z tematami przyklejonymi działu i pokaż zestaw odpowiednich logów.
Bolqu komentarz 1 września 2013 Autor komentarz 1 września 2013 Wrzucam logi z OTL, RSIT, DDS i GMER: 1.OTL : [log]OTL logfile created on: 2013-09-01 10:19:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Użytkownik\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free 6,50 Gb Paging File | 4,39 Gb Available in Paging File | 67,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 165,80 Gb Total Space | 32,67 Gb Free Space | 19,70% Space Free | Partition Type: NTFS Drive D: | 299,96 Gb Total Space | 7,99 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Computer Name: BOLQU | User Name: Bolqu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-09-01 10:17:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Użytkownik\Downloads\OTL.exe PRC - [2013-08-18 21:16:02 | 001,651,144 | ---- | M] (AIMP DevTeam) -- C:\Program Files (x86)\AIMP3\AIMP3.exe PRC - [2013-07-25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-06-28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011-10-06 22:54:02 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2011-09-16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2010-09-30 20:56:56 | 001,290,240 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe PRC - [2010-09-14 17:17:00 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2013-08-18 21:16:04 | 001,733,120 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll MOD - [2013-08-18 21:16:04 | 000,435,200 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll MOD - [2013-08-18 21:16:04 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\MACDll.dll MOD - [2013-08-18 21:16:03 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Sqlite3.dll MOD - [2013-08-18 21:16:03 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll MOD - [2013-08-18 21:16:03 | 000,141,768 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll MOD - [2013-08-18 21:16:03 | 000,071,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll MOD - [2013-08-18 21:16:03 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp MOD - [2013-07-25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll MOD - [2013-07-25 02:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll MOD - [2013-07-25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll MOD - [2013-07-25 02:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll MOD - [2013-07-25 02:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll MOD - [2013-07-25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll MOD - [2012-04-30 09:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll MOD - [2012-04-30 09:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll MOD - [2012-04-30 09:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll MOD - [2012-04-30 09:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll MOD - [2012-04-30 09:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll MOD - [2011-10-06 22:53:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll MOD - [2010-09-14 17:21:00 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll MOD - [2010-09-14 17:17:00 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-07-20 22:46:35 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012-12-19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012-12-19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-08-31 17:01:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-06-28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2013-02-10 23:23:38 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2012-12-20 19:29:54 | 000,541,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-01-18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011-11-04 16:28:42 | 000,103,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011-11-04 16:28:34 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010-09-14 17:17:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR) SRV - [2010-05-17 18:18:44 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-10 10:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2010-03-10 10:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync) SRV - [2010-03-10 10:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds) SRV - [2009-10-20 10:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc) SRV - [2009-09-29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-03-20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset) SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2005-11-25 09:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\OpcEnum.exe -- (OpcEnum) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-07-28 12:41:29 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013-07-28 12:41:29 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013-07-20 21:30:40 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013-07-20 21:30:40 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2013-07-20 21:30:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2013-07-20 21:14:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013-01-26 10:02:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013-01-25 16:19:00 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013-01-20 20:15:43 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64) DRV:64bit: - [2012-12-19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-12-19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-11-08 21:42:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012-11-08 21:42:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012-11-06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012-10-29 17:22:08 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012-10-22 20:02:00 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012-10-22 20:02:00 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012-08-28 14:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012-08-27 20:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2012-08-27 20:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV:64bit: - [2011-11-03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011-03-07 16:25:49 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2011-03-07 16:25:48 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010-12-21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2010-12-21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2010-12-21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:64bit: - [2010-09-14 16:21:00 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap) DRV:64bit: - [2010-07-01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:64bit: - [2010-06-17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2001-09-22 10:16:42 | 000,004,016 | ---- | M] (SpecoSoft) [Kernel | On_Demand | Stopped] -- C:\Users\Użytkownik\Desktop\Bardzo wazne dokumenty\Asysten elektronika\Asystent elektronika\zlportio.sys -- (zlportio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q="]http://www.bing.com/search?q=[/url]{searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q="]http://www.bing.com/search?q=[/url]{searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.pl/"]http://www.google.pl/[/url] IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q="]http://www.bing.com/search?q=[/url]{searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3 FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Użytkownik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011-10-28 19:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-08-31 17:01:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-10-28 19:58:49 | 000,000,000 | ---D | M] [2011-10-28 19:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Extensions [2013-08-23 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions [2013-07-20 20:00:29 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\ascsurfingprotection@iobit.com [2012-04-03 14:21:16 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\IplextoALL@ALLPlayer.org [2011-10-30 12:31:22 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\firefox\profiles\oqoqhlrn.default\extensions\IplextoALL@ALLPlayer.org.xpi [2012-09-23 18:15:40 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\Użytkownik\AppData\Roaming\mozilla\firefox\profiles\oqoqhlrn.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-31 17:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-08-31 17:01:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-31 17:01:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-31 17:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-08-31 17:01:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM [2008-12-10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll [2010-05-25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Unity Player (Enabled) = C:\Users\U\u017Cytkownik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Dokumenty Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Gmail = C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013-02-07 20:37:27 | 000,001,844 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.moviestarplanet.de O1 - Hosts: 127.0.0.1 moviestarplanet.de O1 - Hosts: 127.0.0.1 www.moviestarplanet.co.uk O1 - Hosts: 127.0.0.1 moviestarplanet.co.uk O1 - Hosts: 127.0.0.1 www.moviestarplanet.fr O1 - Hosts: 127.0.0.1 moviestarplanet.fr O1 - Hosts: 127.0.0.1 www.moviestarplanet.nl O1 - Hosts: 127.0.0.1 moviestarplanet.nl O1 - Hosts: 127.0.0.1 www.moviestarplanet.se O1 - Hosts: 127.0.0.1 moviestarplanet.se O1 - Hosts: 127.0.0.1 www.moviestarplanet.dk O1 - Hosts: 127.0.0.1 moviestarplanet.dk O1 - Hosts: 127.0.0.1 www.moviestarplanet.no O1 - Hosts: 127.0.0.1 moviestarplanet.no O1 - Hosts: 127.0.0.1 www.moviestarplanet.fi O1 - Hosts: 127.0.0.1 moviestarplanet.fi O1 - Hosts: 127.0.0.1 www.moviestarplanet.com.tr O1 - Hosts: 127.0.0.1 moviestarplanet.com.tr O1 - Hosts: 127.0.0.1 www.moviestarplanet.ie O1 - Hosts: 127.0.0.1 moviestarplanet.ie O1 - Hosts: 127.0.0.1 www.moviestarplanet.com.au O1 - Hosts: 127.0.0.1 moviestarplanet.com.au O1 - Hosts: 127.0.0.1 www.moviestarplanet.co.nz O1 - Hosts: 127.0.0.1 moviestarplanet.co.nz O1 - Hosts: 127.0.0.1 www.moviestarplanet.ca O1 - Hosts: 8 more lines... O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [RTHDVCPL] c:\program files\realtek\audio\hda\ravcpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab"]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url] (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9247C03A-EF62-421C-8608-B808EE5718B1}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3ffa995c-1c63-11e2-85c0-6c626d3cafa9}\Shell - "" = AutoRun O33 - MountPoints2\{3ffa995c-1c63-11e2-85c0-6c626d3cafa9}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{5a2de262-0efe-11e1-95a6-6c626d3cafa9}\Shell - "" = AutoRun O33 - MountPoints2\{5a2de262-0efe-11e1-95a6-6c626d3cafa9}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{8a23d14a-678e-11e2-92ad-6c626d3cafa9}\Shell - "" = AutoRun O33 - MountPoints2\{8a23d14a-678e-11e2-92ad-6c626d3cafa9}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{afa6ad9f-0f86-11e1-8b48-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{afa6ad9f-0f86-11e1-8b48-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-08-31 17:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-08-29 22:51:59 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013-08-24 21:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013-08-23 19:50:37 | 000,000,000 | ---D | C] -- C:\Downloads [2013-08-23 19:50:36 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\ProgSense [2013-08-23 19:49:18 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\Orbit [2013-08-22 18:01:34 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Desktop\pendrajf [2013-08-22 14:22:58 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2013-08-22 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III [2013-08-22 14:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2013-08-20 20:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT [2013-08-20 20:53:38 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Documents\Telltale Games [2013-08-18 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\VenusHostage [2013-08-18 18:48:14 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Roaming\IrfanView [2013-08-18 18:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView [2013-08-18 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013-08-18 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Desktop\na tablica pl [2013-08-16 23:49:13 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-08-16 23:49:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-08-16 23:49:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-08-16 23:49:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-08-16 23:49:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-08-16 23:49:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-08-16 23:49:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-08-16 23:48:31 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-08-16 23:48:31 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-08-16 23:48:31 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-08-16 23:48:31 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-08-16 23:48:31 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-08-16 23:48:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-08-16 23:48:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-08-16 23:48:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-08-16 23:48:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-08-16 23:48:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-08-16 23:48:05 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013-08-16 23:47:23 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-08-16 23:47:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-08-16 23:47:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-08-15 22:42:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\Documents\GTA San Andreas User Files [2013-08-14 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Local\Risen2 [2013-08-14 09:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2013-08-13 20:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2013-08-06 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\Użytkownik\AppData\Local\NFS Underground 2 [2013-08-06 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2013-08-06 20:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-09-01 10:14:35 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-09-01 10:14:35 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-09-01 10:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-09-01 10:07:11 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys [2013-08-30 13:45:15 | 000,025,222 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje5.png [2013-08-30 13:43:53 | 000,235,710 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje4.png [2013-08-30 13:43:25 | 000,233,761 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje3.png [2013-08-30 13:43:10 | 000,236,050 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje2.png [2013-08-30 13:42:48 | 000,225,711 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aktualizacje.png [2013-08-30 13:41:30 | 000,206,549 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy3.png [2013-08-30 13:41:14 | 000,213,232 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy2.png [2013-08-30 13:40:48 | 000,232,525 | ---- | M] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy.png [2013-08-30 13:28:17 | 000,106,642 | ---- | M] () -- C:\Users\Użytkownik\Desktop\mysconfig.png [2013-08-30 13:26:36 | 000,068,342 | ---- | M] () -- C:\Users\Użytkownik\Desktop\dziwne.png [2013-08-30 11:35:50 | 002,648,702 | ---- | M] () -- C:\Users\Użytkownik\Documents\AutoRuns.arn [2013-08-30 00:02:14 | 000,007,600 | ---- | M] () -- C:\Users\Użytkownik\AppData\Local\Resmon.ResmonCfg [2013-08-29 13:05:41 | 000,013,610 | ---- | M] () -- C:\Users\Użytkownik\Desktop\aimp3 — skrót.lnk [2013-08-26 15:26:27 | 000,001,041 | ---- | M] () -- C:\Users\Użytkownik\Desktop\SaintsRowIV.exe — skrót.lnk [2013-08-22 18:04:05 | 001,671,304 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-08-22 18:04:05 | 000,741,078 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-08-22 18:04:05 | 000,654,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-08-22 18:04:05 | 000,155,674 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-08-22 18:04:05 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-08-22 14:39:56 | 000,067,351 | ---- | M] () -- C:\Windows\War3Unin.dat [2013-08-22 14:33:39 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2013-08-22 14:33:39 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2013-08-21 11:36:31 | 000,033,166 | ---- | M] () -- C:\Users\Użytkownik\Desktop\beny.aimppl [2013-08-20 20:57:54 | 000,001,355 | ---- | M] () -- C:\Users\Użytkownik\Desktop\WalkingDead101.exe — skrót.lnk [2013-08-17 14:28:02 | 000,000,934 | ---- | M] () -- C:\Users\Użytkownik\Desktop\gta_sa.exe — skrót.lnk [2013-08-16 23:49:13 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-08-16 23:49:13 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-08-16 23:49:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-08-16 23:49:13 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-08-16 23:49:13 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-08-16 23:49:13 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-08-16 23:49:13 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-08-16 23:48:31 | 005,550,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-08-16 23:48:31 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-08-16 23:48:31 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-08-16 23:48:31 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-08-16 23:48:31 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-08-16 23:48:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-08-16 23:48:30 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-08-16 23:48:30 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-08-16 23:48:30 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-08-16 23:48:30 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-08-16 23:48:05 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013-08-16 23:47:23 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-08-16 23:47:23 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-08-16 23:47:23 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-08-15 10:00:37 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Risen 2 - Dark Waters.lnk [2013-08-14 15:35:34 | 000,008,236 | ---- | M] () -- C:\Users\Użytkownik\Desktop\tjeeeeaa.aimppl [2013-08-06 20:46:05 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk [2013-08-06 19:58:54 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-08-31 12:49:22 | 000,154,119 | ---- | C] () -- C:\Users\Użytkownik\Desktop\Memtest86+ USB Installer.exe [2013-08-30 13:45:15 | 000,025,222 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje5.png [2013-08-30 13:43:53 | 000,235,710 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje4.png [2013-08-30 13:43:24 | 000,233,761 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje3.png [2013-08-30 13:43:09 | 000,236,050 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje2.png [2013-08-30 13:42:48 | 000,225,711 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aktualizacje.png [2013-08-30 13:41:30 | 000,206,549 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy3.png [2013-08-30 13:41:14 | 000,213,232 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy2.png [2013-08-30 13:40:48 | 000,232,525 | ---- | C] () -- C:\Users\Użytkownik\Desktop\zainstalowane programy.png [2013-08-30 13:28:17 | 000,106,642 | ---- | C] () -- C:\Users\Użytkownik\Desktop\mysconfig.png [2013-08-30 13:26:13 | 000,068,342 | ---- | C] () -- C:\Users\Użytkownik\Desktop\dziwne.png [2013-08-30 11:35:50 | 002,648,702 | ---- | C] () -- C:\Users\Użytkownik\Documents\AutoRuns.arn [2013-08-29 13:05:41 | 000,013,610 | ---- | C] () -- C:\Users\Użytkownik\Desktop\aimp3 — skrót.lnk [2013-08-27 23:41:44 | 000,246,006 | ---- | C] () -- C:\Windows6.1-KB2581464-x64.msu [2013-08-26 15:26:27 | 000,001,041 | ---- | C] () -- C:\Users\Użytkownik\Desktop\SaintsRowIV.exe — skrót.lnk [2013-08-22 14:22:58 | 000,067,351 | ---- | C] () -- C:\Windows\War3Unin.dat [2013-08-22 14:22:58 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif [2013-08-21 11:36:31 | 000,033,166 | ---- | C] () -- C:\Users\Użytkownik\Desktop\beny.aimppl [2013-08-20 20:57:54 | 000,001,355 | ---- | C] () -- C:\Users\Użytkownik\Desktop\WalkingDead101.exe — skrót.lnk [2013-08-17 14:28:02 | 000,000,934 | ---- | C] () -- C:\Users\Użytkownik\Desktop\gta_sa.exe — skrót.lnk [2013-08-14 15:35:34 | 000,008,236 | ---- | C] () -- C:\Users\Użytkownik\Desktop\tjeeeeaa.aimppl [2013-08-14 09:22:23 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Risen 2 - Dark Waters.lnk [2013-08-06 20:46:05 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk [2013-08-06 19:58:54 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job [2012-09-28 19:25:03 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat [2012-08-28 14:44:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-08-28 14:44:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-08-28 14:44:01 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012-08-26 23:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2012-08-21 05:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2012-08-21 05:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-08-21 05:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2012-08-21 05:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2012-08-21 05:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2012-08-21 05:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2012-08-21 05:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2012-08-21 05:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2012-08-21 05:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2012-08-21 05:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2012-07-19 20:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012-07-19 20:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll [2012-07-19 20:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll [2012-07-19 20:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012-07-19 20:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012-07-19 20:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll [2012-07-19 20:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-03-15 17:03:05 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI [2011-12-24 18:35:11 | 001,645,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-12-07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2011-11-04 16:28:36 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-11-04 16:28:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-11-04 16:28:33 | 000,000,315 | ---- | C] () -- C:\Windows\game.ini [2011-10-28 20:45:40 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2011-10-28 19:57:58 | 000,007,600 | ---- | C] () -- C:\Users\Użytkownik\AppData\Local\Resmon.ResmonCfg [2011-10-28 19:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-09-08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011-09-08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011-09-08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011-09-08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011-09-08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011-09-08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011-09-08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011-09-08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011-09-08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011-09-08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-20 22:11:24 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-20 22:11:24 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2011-03-07 16:26:24 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-08-02 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2012-08-02 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2013-09-01 10:20:55 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\AIMP3 [2012-03-15 09:56:51 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Ashampoo [2013-02-08 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013-08-31 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\DAEMON Tools Lite [2011-10-28 19:59:18 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\ESET [2012-05-28 16:52:39 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\GetRightToGo [2012-09-15 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\GoforFiles [2012-12-31 10:52:13 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\IObit [2013-08-18 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\IrfanView [2012-11-02 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\LockHunter [2013-07-12 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\National Instruments [2013-02-27 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\OBS [2013-08-23 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Orbit [2012-06-30 10:59:23 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\poclbm [2013-08-23 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\ProgSense [2011-12-28 19:12:30 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\pymclevel [2013-02-09 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\SplitMediaLabs [2013-08-18 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\TS3Client [2012-10-27 19:59:01 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\TunkDesign [2012-03-11 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\Ubisoft [2013-08-29 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\uTorrent [2013-08-18 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\Użytkownik\AppData\Roaming\VenusHostage ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1084844 bytes -> C:\Windows\Temp:temp < End of report > [/log] 2.RSIT: Extras: [log]OTL Extras logfile created on: 2013-09-01 10:19:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Użytkownik\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,42% Memory free 6,50 Gb Paging File | 4,39 Gb Available in Paging File | 67,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 165,80 Gb Total Space | 32,67 Gb Free Space | 19,70% Space Free | Partition Type: NTFS Drive D: | 299,96 Gb Total Space | 7,99 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Computer Name: BOLQU | User Name: Bolqu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F} "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DisabledInterfaces" = {0DEE9890-EEE6-4602-B5A6-F74D4A6C497F} ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C49F09C-FAD3-47B5-B199-7A39FEFBE344}" = rport=139 | protocol=6 | dir=out | app=system | "{4256EE0E-514F-4461-A573-90D0FC2719DE}" = rport=138 | protocol=17 | dir=out | app=system | "{73AB4780-EB7F-46D4-B0A9-778581EC3F88}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{78B76D38-999F-4FDD-A436-943A41604AA3}" = lport=138 | protocol=17 | dir=in | app=system | "{84135835-0B23-432B-B512-99B5ED434219}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{891EFEA1-56DA-4002-8D56-4D7907A0CBE3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{93D559A1-A6CD-4D72-8EE8-0350E8A1B011}" = lport=137 | protocol=17 | dir=in | app=system | "{942A9BD6-4876-453A-B869-9A8174523AC0}" = rport=445 | protocol=6 | dir=out | app=system | "{A32D4A12-BBCF-4069-BA8D-5753DFA1A047}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3658D79-9C63-41AD-B646-30F112649032}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B1981C44-5DF5-472D-9C66-0AF9C20201BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BD4E1D87-6EBA-46A8-9E3E-4A2637F32B10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C8FBE2B4-6978-4C70-9833-937B89308578}" = lport=139 | protocol=6 | dir=in | app=system | "{DD481FE3-DEE3-4A5E-AA10-22DFF978F712}" = rport=137 | protocol=17 | dir=out | app=system | "{EFF574EF-496B-4F10-B478-F9A7E0B0F02E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3E6C3F4-8417-4D14-9965-F08F6F9DFCA3}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{034BF0A3-54AF-498F-A9DB-D5A730B0E0F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{05A8B32E-2406-49D0-813E-63F2B6408BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{0643DF3F-D61C-4654-A796-A000F9B5A7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{1050918D-AEB9-43E6-9537-F6E2C0A9E20A}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{186E6DBB-3178-4389-8331-A138625B6878}" = protocol=58 | dir=in | app=system | "{25A65578-3068-488B-A868-4569FDF0F05D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{277F72FD-A10E-4A1A-8468-F36F3C660787}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{2D437BCC-6E80-492D-8094-3915E272764E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2DF6A40C-4467-42C5-B57D-09844C01B742}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutparadise.exe | "{2E48B62F-AADA-4ED9-B350-D427E5A6C7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe | "{2F51555E-355F-4186-8AFD-9A37720351F9}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{2F53A78D-2EE8-4A77-82AE-6E44359D05DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{33CF06AF-07B7-479C-A437-2173B0F98244}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutconfigtool.exe | "{3A491367-84C9-497C-BB55-47ED9F33E655}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{44CDF43C-F21E-4B4D-A80E-2A4A1EC6E83F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{47C83245-049C-4434-B875-F9AADE304844}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{4DC2F43A-52B1-4AF8-82CA-C1733149EA21}" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{4E7B2535-351A-4D49-B563-CD3242983E77}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{51C0782A-8185-46AE-9701-5C0B6D5A1FD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5FDC2A91-29CE-48BB-92C4-1BCBCFFCA62B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5FF5AE72-7AC5-434B-95F5-409F47D4E33D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6553C54E-3FA0-425D-9D5A-0F63EB97AB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{67D0173B-46EE-4600-9069-20610D062424}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutparadise.exe | "{6DA06986-217F-4B15-A11E-F0232342C05F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{774C0B70-2DFD-4D1F-80F8-1941FC8D609A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{77A84EB5-F24C-45DD-90D2-9336468AAD21}" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{7D898340-9679-4CAF-9AA1-7A15E89C0B78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E14CD16-CD6C-4161-A0DF-436AC57183BB}" = protocol=17 | dir=in | app=d:\gry\burnout paradise\burnoutlauncher.exe | "{7F05A08B-FD90-40C5-866C-14DC8E7B02EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{80808F0E-3EF1-4F77-A4A0-18D842DD85BE}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{81E4FC37-45CF-4882-9310-C07AC4A88DD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cgk_bolqu\half-life\hl.exe | "{8443636E-9C39-4F09-852B-4720A874C2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{85588263-4A1B-4028-952B-2ED4C175D446}" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{89D2297F-F697-441D-88DC-6BE1E32B3972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{8A39EA4C-843F-4AB6-B97B-1DE4749DA439}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{8AD09296-3D55-4BC3-982E-D324DC743B7F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{8E5A4FB9-B44C-46E1-AC25-03A801C79B85}" = protocol=17 | dir=in | app=d:\gry\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{900DA5BD-3DD3-482F-BC1C-1F4D348CFF97}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{92E0ED2D-A162-4855-8CAF-F55632A73386}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{96256C29-EF7D-4FDC-A31B-B9473AB70961}" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{9CAFE0B7-A7A4-42EF-9572-2B0E42E00EAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A1ADCE1D-DAB3-4118-93A8-945495559826}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe | "{A85B13D4-548A-4FE4-A3B2-7EDCC4046596}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ADC447C9-F0AC-489E-AC28-4568278BABEA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{AF864CEF-8A49-4C53-82C4-4429E9DF6AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{B82F6F50-5183-4974-A903-71780FBEBE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{B9E1EAA9-B38C-4A4D-A5C9-4475E87CDCD2}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{BCDCEAC1-9252-42FD-9570-1BAAD96CE09E}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutconfigtool.exe | "{C14FC170-6A1A-44B5-B1BD-B7877D787C01}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{CC000888-A3F8-45D3-B1E0-18F126C3AC4C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{D4916125-C4E8-4698-A428-B5799063A717}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{D5981B2E-B308-4AA5-9828-38D6975C62EE}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{D7D325A2-7AA6-4E5E-B213-FC585578D567}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{E1B967C9-AFB5-41F7-927D-2E0B226FF7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic iii - zlota edycja\heroes3.exe | "{E2C409D8-BB16-418C-88FE-D9D4E5316707}" = protocol=6 | dir=in | app=d:\gry\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{E2ED8044-9300-4B72-835C-21C2BC0CBBA1}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{E5634597-51C0-4C72-84BE-4606C3FBA65E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E726BC7B-2799-44CE-B68E-2043BB458138}" = protocol=6 | dir=in | app=d:\gry\burnout paradise\burnoutlauncher.exe | "{E823004D-FC15-4FF0-8FBC-6BCEC5407EA3}" = protocol=17 | dir=in | app=d:\gry\rockstar games\rockstar games social club\rgsclauncher.exe | "{F1CE5058-5451-4BAE-A3F3-820877A8D028}" = protocol=6 | dir=in | app=d:\gry\rockstar games\rockstar games social club\rgsclauncher.exe | "{F8A38495-EAA3-4021-B23D-66CB6904B5C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cgk_bolqu\half-life\hl.exe | "{FACECDA8-A156-4A73-928D-A7763CD079CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{FC352E3B-E0DC-46A5-BF66-EFAF758155F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{030B2B5A-6581-404E-AB7D-CD9DEF15A98B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{1638F053-8301-4EEF-8A03-0819D5E9D589}C:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe | "TCP Query User{2143DD40-805F-49CA-852C-DEBD194DE8FF}D:\gry\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=d:\gry\saints row iv\saintsrowiv.exe | "TCP Query User{2E17B1EA-C777-4E5B-A489-A5049E4FD772}D:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe | "TCP Query User{3EC0291D-A3F3-41F0-8466-5D47687C1B83}D:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe | "TCP Query User{45BE3F09-3F73-443A-A813-E2B76CEAF3DE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{6016DB5F-74ED-4D7D-9F0C-0C30D8AEA5EA}D:\gry\electronic arts\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed the run\need for speed the run.exe | "TCP Query User{65ADAC9B-14FB-4294-ACFF-58CD70DCA7EA}D:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe | "TCP Query User{662FAFCB-973B-4A6B-844C-950BCCBD45FB}D:\gry\call of duty black ops [revops] eng\blackopsmp.dat" = protocol=6 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackopsmp.dat | "TCP Query User{6F05B35D-58AD-44D6-8B22-E5B0D4660C7A}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{7445398E-4D25-471D-8E84-7C5FBF25EFA6}D:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "TCP Query User{7F6A459F-6DE7-43AA-9D6B-A98DB2256DE8}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "TCP Query User{8A93DD36-28BE-4272-BD6E-192AC1FC772B}D:\gry\call of duty black ops [revops] eng\blackops.dat" = protocol=6 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackops.dat | "TCP Query User{8C28F26E-B651-4755-B41C-8A65B8BAE9BA}D:\gry\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{931B55CE-60EA-45DE-ACFD-5EF9E5836A18}D:\gry\mw 3\iw5m.dat" = protocol=6 | dir=in | app=d:\gry\mw 3\iw5m.dat | "TCP Query User{A2C853CB-3B39-472D-AC38-429A1E4BFCE1}D:\gry\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\gry\saints row the third\saintsrowthethird_dx11.exe | "TCP Query User{C95080C7-D26B-457A-92B2-EF67A826F9AC}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{0C3F9C1E-C262-40A8-9F44-1832037F0907}D:\gry\call of duty black ops [revops] eng\blackops.dat" = protocol=17 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackops.dat | "UDP Query User{2B3083B1-2F42-4D79-9BCA-EDC9D7403793}D:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{2BADCC65-7FE9-4493-93A2-6B1AFB066AEB}D:\gry\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{362F5E99-0043-4707-942F-EE9A43028C61}D:\gry\call of duty black ops [revops] eng\blackopsmp.dat" = protocol=17 | dir=in | app=d:\gry\call of duty black ops [revops] eng\blackopsmp.dat | "UDP Query User{4160952F-90C4-46A2-8A6D-0D5E56A6DB04}D:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\gry\r.g. mechanics\colin mcrae. dirt 2\dirt2_game.exe | "UDP Query User{52F2A835-5338-4E36-AE54-EABF67601D2D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{7899CA19-769C-4E66-8AF1-7930039E07E0}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{82CD7E5B-B4F7-471A-9157-FB36F6A7F5C7}D:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\instalki(iso)\lrfd2\left 4 dead 2\left4dead2.exe | "UDP Query User{84E91FF6-6029-4049-9C40-8B4945CCFDA5}D:\gry\electronic arts\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\need for speed the run\need for speed the run.exe | "UDP Query User{8B88443A-73C9-48E8-9381-B90C09BA756B}C:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw lanfixed.exe | "UDP Query User{A6A4908B-45E5-4750-8CE2-DB36132AC7E3}D:\gry\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=d:\gry\saints row iv\saintsrowiv.exe | "UDP Query User{B889CAED-6621-4B51-97CC-0E544E0F7137}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{BD13B4A9-65EB-49AB-B792-87E7726174F8}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{C12A21C1-8C77-4CD5-A3EB-72E9FFE3ABFD}D:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\gry\activision\call of duty 4 - modern warfare 2\iw4mp.exe | "UDP Query User{CFB826A6-6D85-427A-B4C5-C0454F702735}D:\gry\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\gry\saints row the third\saintsrowthethird_dx11.exe | "UDP Query User{E321087D-D7B0-478F-B916-0155F306E96F}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{E98669AF-B87C-410D-AD6E-4DD8F396FC86}D:\gry\mw 3\iw5m.dat" = protocol=17 | dir=in | app=d:\gry\mw 3\iw5m.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1F266B69-F56D-7CD8-D90B-C47F2051A95A}" = AMD Fuel "{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit) "{33B49B5C-2D04-4B8F-BA1F-D22EB8A627B0}" = ESET Smart Security "{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding "{3DD68F17-2C5D-49AC-9280-13C90FE19B71}" = NI Logos64 5.1.3 "{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit) "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B092C4EE-F80B-48DD-B57D-C42B66543BE0}" = NI VC2005MSMs x64 "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders "{C342A5D7-9D75-4D37-879A-BAA68D168670}" = NI Logos64 XT Support "{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit "{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support "{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit) "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding "{E63A64BC-6458-432B-A5FA-A61BFD34EA6E}" = NI TDMS (64-bit) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.21 "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0297078F-D4C8-4774-B7A3-6BBF2C164C76}_is1" = Dirt 2 Spolszczenie by O22y "{02B6E651-686D-4BCD-8A93-C07B01761745}" = NI Logos 5.1.3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1 "{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi "{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009 "{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1 "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = AMD VISION Engine Control Center "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish "{24570B2F-3937-47F0-A16A-E82B480A7699}" = XSplit "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3AD22980-7E0B-11D6-9C4B-0001020AA251}" = GTA3 PL "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0 "{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese "{604D1BD4-7EE3-4704-8D53-0675FA94AE57}" = NI MDF Support "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common "{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86 "{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1 "{65246CE4-17F2-4896-8828-696086BED5F6}" = NI TDMS "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.1 Core "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard "{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian "{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai "{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo "{7CD0F3A4-AA2F-4F6E-84F4-BFC2905D4BA3}" = NI EULA Depot "{7D0575F4-A8BD-4B4D-9244-542E9EE54FED}" = OPC Core Components 2.00 Redistributable "{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0.1 Pro "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja "{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All "{A483F88A-41E9-45B2-AAC9-A823DD9B4873}" = PS TO PC CONVERTER "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian "{B226F936-42E3-402E-8CF8-C1D92F255A17}" = NI Uninstaller "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE "{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish "{BE95841B-D741-4B72-B79B-1EC61240F10E}" = NI Service Locator "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C0FF3C38-FC96-4575-8A7B-89DDA3F9C79D}" = NI Update Service "{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese "{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War "{CFF55EAB-5A2F-4A95-99D4-EF3E585F03FD}" = NI Logos XT Support "{D265C4DB-8F68-4264-BA9C-BCEFF134A8B8}" = NI Circuit Design Suite 11.0.1 Pro Licenses "{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services "{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager "{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™ "{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86 "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F11F2CA2-F45F-4CC2-8962-28A0F5DC625A}" = NI Update Service Full "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish "{F9A9C54B-1438-4553-B27C-4A4BBC69920A}" = Amnesia: Mroczny Obłęd "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine "{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Advanced SystemCare 6_is1" = Advanced SystemCare 6 "AIMP3" = AIMP3 "ALLPlayer_is1" = ALLPlayer V5.X "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r" = Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Codecs for Windows 7 Pack" = Codecs for Windows 7 Pack 4.0.5 "Colin McRae. DiRT 2_is1" = Colin McRae. DiRT 2 "DAEMON Tools Lite" = DAEMON Tools Lite "Dead Island Riptide_is1" = Dead Island Riptide "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0 "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Mozilla Firefox 23.0.1 (x86 pl)" = Mozilla Firefox 23.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "nfsClock14 New Free Screensaver_is1" = NewFreeScreensaver nfsBalls02 "nfsRadar New Free Screensaver_is1" = NewFreeScreensaver nfsRadar "NI Uninstaller" = National Instruments Software "OpenAL" = OpenAL "PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0 "Risen 2 - Dark Waters_is1" = Risen 2 - Dark Waters "RocketDock_is1" = RocketDock 1.3.5 "Saints Row The Third_is1" = Saints Row The Third "Sniper Elite: Nazi Zombie Army_is1" = Sniper Elite: Nazi Zombie Army "Steam App 10" = Counter-Strike "Update Engine" = Sony Ericsson Update Engine "uTorrent" = µTorrent "Warcraft III" = Warcraft III "WinRAR archiver" = Archiwizator WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "Warcraft III" = Warcraft III: wszystkie elementy ========== Last 20 Event Log Errors ========== [ ACEEventLog Events ] OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. OTL encountered an error while reading this event log. It may be corrupt. < End of report > [/log] INFO: [log]info.txt logfile of random's system information tool 1.09 2013-09-01 10:30:35 ======Uninstall list====== -->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe -->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A} Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -maintain plugin Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1} Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1} Adobe Reader XI (11.0.03)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001} Adobe Shockwave Player 12.0-->"C:\Windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe" Advanced SystemCare 6-->"C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe" AIMP3-->C:\Program Files (x86)\AIMP3\Uninstall.exe ALLPlayer V5.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe" Amnesia - The Dark Descent -->"D:\Gry\Frictional Games\Amnesia - Mroczny Obled\unins000.exe" Amnesia: Mroczny Obłęd-->"C:\Program Files (x86)\InstallShield Installation Information\{F9A9C54B-1438-4553-B27C-4A4BBC69920A}\setup.exe" -runfromtemp -l0x0415 -removeonly Archiwizator WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe Ashampoo Burning Studio Elements 10.0.9-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio Elements\unins000.exe" Assassin's Creed-->C:\Program Files (x86)\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0015 -removeonly ASUS Smart Doctor-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{809D7E6D-915D-4EAD-821F-E13D93F37161} /l1033 Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67} bl-->MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0} Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F} Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r-->D:\Gry\Call of Duty Black Ops [RevOps] Eng\Uninstall.exe Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0415 Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1} Colin McRae. DiRT 2-->"C:\Users\Użytkownik\AppData\Local\R.G. Mechanics\Colin McRae. DiRT 2\Uninstall\unins000.exe" DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Dead Island Riptide-->"D:\Gry\Dead Island Riptide\Uninstall\unins000.exe" Dirt 2 Spolszczenie by O22y-->"D:\Gry\R.G. Mechanics\Colin McRae. DiRT 2\unins000.exe" Driver Genius Professional Edition-->"C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe" Dziobas Rar Player 0.009.52-->"C:\Program Files (x86)\Dziobas Rar Player\unins000.exe" Euro Truck Simulator 2-->"D:\Gry\Euro Truck Simulator 2\unins000.exe" Fallout 3-->"C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -runfromtemp -l0x0015 -removeonly Fraps (remove only)-->"C:\Fraps\uninstall.exe" Frontlines: Fuel of War-->"C:\Program Files (x86)\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x0015 -removeonly Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000B8301} Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301} Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8302} Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8303} GTA3 PL-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3AD22980-7E0B-11D6-9C4B-0001020AA251}\Setup.exe" -l0x9 GTAIII-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x15 Heroes of Might and Magic III - Złota Edycja-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8B743AA0-53B2-11D2-808A-00600895FB43}\setup.exe" -l0x15 HI-TECH C51-lite V9.60PL0-->"C:\Program Files (x86)\HI-TECH Software\HC51\lite\9.60\resources\setup.exe" HI-TECH PICC lite V9.60PL0-->"C:\Program Files (x86)\HI-TECH Software\PICC\lite\9.60\resources\setup.exe" HydraVision-->MsiExec.exe /X{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D} IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe Java 7 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217013FF} LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {0ACC2993-2058-4BE7-9A92-9DCDAA9B3412} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412} Łatka polonizacyjna GTA IV v1.0-->"D:\Gry\Rockstar Games\Grand Theft Auto IV\Spolszczenie\Deinstalator.exe" Mafia II-->"D:\Gry\Mafia II\unins000.exe" Malwarebytes Anti-Malware wersja 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mozilla Firefox 23.0.1 (x86 pl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MPC-HC 1.6.4.6052-->"C:\Program Files (x86)\MPC-HC\unins000.exe" National Instruments Software-->"C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\uninst.exe" Need for Speed Underground 2-->D:\Gry\Electronic Arts\Need for Speed Underground 2\EAUninstall.exe Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED} Need for Speed™ Most Wanted-->D:\Gry\Electronic Arts\Need for Speed Most Wanted\EAUninstall.exe NewFreeScreensaver nfsBalls02-->"C:\Program Files (x86)\NewFreeScreensavers\nfsClock14\unins000.exe" NewFreeScreensaver nfsRadar-->"C:\Program Files (x86)\NewFreeScreensavers\nfsRadar\unins000.exe" NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} OPC Core Components 2.00 Redistributable-->MsiExec.exe /I{7D0575F4-A8BD-4B4D-9244-542E9EE54FED} OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U ph-->MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A} PS TO PC CONVERTER-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}\setup.exe" -l0x9 Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0415 -removeonly Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996} Risen 2 - Dark Waters-->"D:\Gry\Deep Silver\Risen 2 - Dark Waters\unins000.exe" Risen-->"C:\Program Files (x86)\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0015 -removeonly RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe" Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly Saints Row The Third-->"D:\Gry\Saints Row The Third\unins000.exe" Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended SHIFT 2 UNLEASHED™-->MsiExec.exe /X{E8C37E27-5205-4C8A-BECB-B00533045AAE} Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} Sniper Elite: Nazi Zombie Army-->"D:\Gry\Sniper Elite Nazi Zombie Army\unins000.exe" Sony Ericsson Update Engine-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe Sony PC Companion 2.10.108-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0409 -removeonly Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0015 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Extended Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} XSplit-->MsiExec.exe /X{24570B2F-3937-47F0-A16A-E82B480A7699} ======Hosts File====== 127.0.0.1 www.moviestarplanet.de 127.0.0.1 moviestarplanet.de 127.0.0.1 www.moviestarplanet.co.uk 127.0.0.1 moviestarplanet.co.uk 127.0.0.1 www.moviestarplanet.fr 127.0.0.1 moviestarplanet.fr 127.0.0.1 www.moviestarplanet.nl 127.0.0.1 moviestarplanet.nl 127.0.0.1 www.moviestarplanet.se 127.0.0.1 moviestarplanet.se ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD "PROCESSOR_REVISION"=0403 "RGSCLauncher"=D:\Gry\Rockstar Games\Rockstar Games Social Club "RGSC"=D:\Gry\Rockstar Games\Rockstar Games Social Club\1_0_0_0 "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ "KMP_DUPLICATE_LIB_OK"=TRUE "MKL_SERIAL"=YES -----------------EOF----------------- [/log] log: [log]Logfile of random's system information tool 1.09 (written by random/random) Run by Bolqu at 2013-09-01 10:29:57 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 33 GB (20%) free of 170 GB Total RAM: 3327 MB (46% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:30:34, on 2013-09-01 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\AIMP3\AIMP3.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Użytkownik\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Bolqu.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.pl/"]http://www.google.pl/[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SysWOW64\OpcEnum.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 7558 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Go for FilesUpdate.job C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce92ce9d864236.job C:\Windows\tasks\SymInstallStub.job C:\Windows\tasks\YourFile Update.job =========Mozilla firefox========= ProfilePath - C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default prefs.js - "browser.startup.homepage" - "www.google.pl" [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.7.700.224 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\SysWOW64\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame] "Description"=Nexon Game Controller "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll nplv86win32.dll nplv90win32.dll nppdf32.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default\extensions\ ascsurfingprotection@iobit.com IplextoALL@ALLPlayer.org ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-07 461216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-07 170912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2011-03-07 1475584] "HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2011-10-06 393216] "RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.ac3filter"=ac3filter.acm "msacm.vorbis"=vorbis.acm "VIDC.FPS1"=frapsvid.dll "vidc.VP60"=C:\Windows\system32\vp6vfw.dll "vidc.VP61"=C:\Windows\system32\vp6vfw.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "vidc.ffds"=ff_vfw.dll "vidc.xvid"=xvidvfw.dll "vidc.lags"=lagarith.dll "msacm.divxa32"=DivXa32.acm "msacm.lameacm"=LameACM.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-09-01 10:29:59 ----D---- C:\Program Files (x86)\trend micro 2013-09-01 10:29:57 ----D---- C:\rsit 2013-08-31 17:01:35 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-08-24 21:19:33 ----D---- C:\ProgramData\Steam 2013-08-23 19:50:37 ----D---- C:\Downloads 2013-08-23 19:50:36 ----D---- C:\Users\Użytkownik\AppData\Roaming\ProgSense 2013-08-23 19:49:18 ----D---- C:\Users\Użytkownik\AppData\Roaming\Orbit 2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.pif 2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.exe 2013-08-22 14:22:58 ----A---- C:\Windows\War3Unin.dat 2013-08-20 20:53:44 ----D---- C:\ProgramData\REVOLT 2013-08-18 23:49:39 ----D---- C:\Users\Użytkownik\AppData\Roaming\VenusHostage 2013-08-18 18:48:14 ----D---- C:\Users\Użytkownik\AppData\Roaming\IrfanView 2013-08-18 18:48:13 ----D---- C:\Program Files (x86)\IrfanView 2013-08-16 23:49:41 ----A---- C:\Windows\SysWOW64\tzres.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\wininet.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\url.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\mshtml.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\ieui.dll 2013-08-16 23:49:13 ----A---- C:\Windows\SysWOW64\ieframe.dll 2013-08-16 23:49:12 ----A---- C:\Windows\SysWOW64\urlmon.dll 2013-08-16 23:49:12 ----A---- C:\Windows\SysWOW64\iertutil.dll 2013-08-16 23:48:31 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-16 23:48:31 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\wow32.dll 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\user.exe 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\setup16.exe 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\ntdll.dll 2013-08-16 23:48:30 ----A---- C:\Windows\SysWOW64\instnm.exe 2013-08-16 23:48:05 ----A---- C:\Windows\SysWOW64\rpcrt4.dll 2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\wintrust.dll 2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\cryptsvc.dll 2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\cryptnet.dll 2013-08-16 23:47:23 ----A---- C:\Windows\SysWOW64\crypt32.dll 2013-08-13 20:44:18 ----D---- C:\Program Files (x86)\Rockstar Games ======List of files/folders modified in the last 1 month====== 2013-09-01 10:30:30 ----AD---- C:\Windows\Temp 2013-09-01 10:29:59 ----RD---- C:\Program Files (x86) 2013-09-01 10:20:55 ----D---- C:\Users\Użytkownik\AppData\Roaming\AIMP3 2013-09-01 10:10:46 ----D---- C:\Users\Użytkownik\AppData\Roaming\Skype 2013-08-31 21:33:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-31 12:38:01 ----D---- C:\Users\Użytkownik\AppData\Roaming\DAEMON Tools Lite 2013-08-30 15:06:27 ----SHD---- C:\System Volume Information 2013-08-30 14:59:00 ----D---- C:\Download 2013-08-30 14:26:17 ----D---- C:\Windows 2013-08-30 14:23:34 ----D---- C:\Program Files (x86)\BrowseToSave 2013-08-30 00:07:37 ----D---- C:\Windows\inf 2013-08-29 23:53:25 ----SHD---- C:\Boot 2013-08-29 23:13:02 ----D---- C:\Users\Użytkownik\AppData\Roaming\uTorrent 2013-08-29 23:13:01 ----D---- C:\Windows\SoftwareDistribution 2013-08-29 22:51:59 ----D---- C:\Windows\Tasks 2013-08-28 12:52:53 ----D---- C:\Windows\winsxs 2013-08-27 16:25:39 ----D---- C:\Windows\debug 2013-08-27 15:24:45 ----D---- C:\Windows\Panther 2013-08-27 15:24:45 ----D---- C:\Program Files (x86)\Steam 2013-08-26 16:35:32 ----D---- C:\Windows\SysWOW64\pl-PL 2013-08-26 16:35:32 ----D---- C:\Windows\SysWOW64 2013-08-26 16:35:32 ----D---- C:\Windows\System32 2013-08-26 16:35:32 ----D---- C:\Windows\PolicyDefinitions 2013-08-26 16:35:32 ----D---- C:\Program Files (x86)\Internet Explorer 2013-08-26 16:35:31 ----RD---- C:\Program Files 2013-08-24 21:19:33 ----HD---- C:\ProgramData 2013-08-22 13:42:01 ----D---- C:\Program Files (x86)\Damian Pasternak 2013-08-20 18:16:28 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-18 23:37:38 ----A---- C:\m.txt 2013-08-18 22:02:10 ----D---- C:\Users\Użytkownik\AppData\Roaming\TS3Client 2013-08-18 21:16:05 ----D---- C:\Program Files (x86)\AIMP3 2013-08-17 00:55:51 ----D---- C:\Windows\SysWOW64\migration 2013-08-17 00:55:51 ----D---- C:\Windows\AppPatch 2013-08-16 23:12:34 ----D---- C:\Windows\Prefetch 2013-08-06 20:00:26 ----D---- C:\Program Files (x86)\Google 2013-08-06 19:58:59 ----SHD---- C:\Windows\Installer 2013-08-05 23:21:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [] R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [] R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [] R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [] R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [] R4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [] S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S3 ALSysIO;ALSysIO; C:\Windows\SysWOW64\drivers\ALSysIO.sys [] S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [] S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [] S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [] S3 EagleX64;EagleX64; C:\Windows\SysWOW64\drivers\EagleX64.sys [] S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [] S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [] S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [] S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\DRIVERS\TsUsbGD.sys [] S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\SysWOW64\drivers\WinRing0_1_2_0.sys [] S3 WinUsb;Sony so0101 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2010-09-14 61440] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736] S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe [2009-03-20 357182] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 OpcEnum;OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [2005-11-25 98304] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640] S4 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272] S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-02-10 49152] S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S4 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 116648] S4 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 116648] S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2009-09-29 695136] S4 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2010-03-10 43056] S4 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2010-03-10 53808] S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-31 117656] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2010-03-10 358448] S4 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-05-17 1007616] S4 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2009-10-20 13896] S4 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2009-07-14 20992] S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-11-04 66872] S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2011-11-04 103736] S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-12-20 541760] -----------------EOF----------------- [/log] 3.DDS: DDS [log]DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: BrowserJavaVersion: 10.13.2 Run by Bolqu at 10:33:05 on 2013-09-01 Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3327.1519 [GMT 2:00] . AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\SysWOW64\ASDR.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\AIMP3\AIMP3.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Użytkownik\Downloads\dds.com C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: AutorunsDisabled - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned> IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: Interfaces\{9247C03A-EF62-421C-8608-B808EE5718B1} : DHCPNameServer = 192.168.1.1 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned> x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice x64-Run: [RTHDVCPL] c:\program files\realtek\audio\hda\ravcpl64.exe -s x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\oqoqhlrn.default\ . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-8 56208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-9 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144] R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-12-21 50624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-28 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-9 96256] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-26 283200] R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-8-22 23680] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-20 769168] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-11-23 58536] S1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2013-1-20 16384] S2 .EsetTrialReset;Eset Trial Reset;C:\Windows\reset.exe [2009-3-13 357182] S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-3-7 71168] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-10-22 14448] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-20 19456] S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-20 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-20 30208] S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-28 1255736] S3 zlportio;zlportio;C:\Users\Użytkownik\Desktop\Bardzo wazne dokumenty\Asysten elektronika\Asystent elektronika\zlportio.sys [2013-1-23 4016] S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-7-20 574272] S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-10 49152] S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] S4 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-10-22 155320] . =============== Created Last 30 ================ . 2013-09-01 08:33:05 -------- d-----w- C:\Users\U?ytkownik\AppData\Local\Microsoft 2013-09-01 08:29:59 -------- d-----w- C:\Program Files (x86)\trend micro 2013-08-24 19:19:33 -------- d-----w- C:\ProgramData\Steam 2013-08-23 17:50:37 -------- d-----w- C:\Downloads 2013-08-23 17:50:36 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\ProgSense 2013-08-23 17:49:18 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\Orbit 2013-08-22 12:22:58 2829 ----a-w- C:\Windows\War3Unin.pif 2013-08-22 12:22:58 139264 ----a-w- C:\Windows\War3Unin.exe 2013-08-20 18:53:44 -------- d-----w- C:\ProgramData\REVOLT 2013-08-18 21:49:39 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\VenusHostage 2013-08-18 16:48:14 -------- d-----w- C:\Users\Użytkownik\AppData\Roaming\IrfanView 2013-08-18 16:48:13 -------- d-----w- C:\Program Files (x86)\IrfanView 2013-08-16 21:48:31 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-16 21:48:31 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-16 21:48:31 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-16 21:48:31 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-16 21:48:31 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-16 21:48:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-16 21:48:30 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-16 21:48:30 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-16 21:48:30 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-16 21:48:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-16 21:48:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-16 21:48:05 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-08-16 21:48:05 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-08-16 21:47:56 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-16 21:47:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-16 21:47:23 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-08-16 21:47:23 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-08-16 21:47:23 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-08-16 21:47:23 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-16 21:47:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-08-16 21:47:23 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-08-16 21:47:23 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-08-16 21:47:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-08-13 18:44:18 -------- d-----w- C:\Program Files (x86)\Rockstar Games . ==================== Find3M ==================== . 2013-08-16 21:49:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-08-16 21:49:41 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-08-16 21:49:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-16 21:49:13 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-16 21:49:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-16 21:49:13 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-08-16 21:48:30 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-28 10:41:48 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS 2013-07-28 10:41:48 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2013-07-28 10:41:29 96768 ----a-w- C:\Windows\System32\fsutil.exe 2013-07-28 10:41:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2013-07-28 10:41:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2013-07-28 10:41:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2013-07-28 10:41:29 2565632 ----a-w- C:\Windows\System32\esent.dll 2013-07-28 10:41:29 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-07-28 10:41:29 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2013-07-28 10:41:29 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2013-07-28 10:41:29 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2013-07-28 10:41:29 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2013-07-28 10:39:52 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-07-28 10:39:52 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-07-28 10:39:52 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-07-28 10:39:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-07-28 10:39:52 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-07-28 10:39:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-07-28 10:39:52 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-07-20 20:45:30 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-07-20 20:43:17 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-07-20 20:43:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-07-20 20:36:12 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-20 20:36:12 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-20 20:35:19 1545728 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-20 20:35:19 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-20 20:21:48 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-07-20 20:20:57 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-07-20 20:20:57 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-07-20 20:20:06 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-07-20 20:20:06 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-07-20 20:18:19 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-07-20 20:18:19 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-07-20 20:18:19 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-07-20 20:18:19 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-07-20 20:17:19 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-07-20 20:17:19 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-07-20 20:17:19 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-07-20 20:11:24 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-07-20 20:11:24 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-07-20 20:11:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-07-20 20:11:24 111448 ----a-w- C:\Windows\System32\consent.exe 2013-07-20 20:10:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-07-20 20:10:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-07-20 20:09:49 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-07-20 20:09:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-07-20 20:09:48 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-07-20 20:09:48 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-07-20 20:09:48 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-07-20 20:09:48 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-07-20 20:09:07 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-07-20 20:07:17 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-07-20 20:07:17 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-07-20 20:07:17 112640 ----a-w- C:\Windows\System32\smss.exe 2013-07-20 20:06:30 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-07-20 20:05:51 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2013-07-20 20:05:00 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-07-20 20:01:31 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-07-20 19:58:49 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-07-20 19:58:07 800768 ----a-w- C:\Windows\System32\usp10.dll 2013-07-20 19:58:07 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2013-07-20 19:51:02 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-07-20 19:51:02 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-07-20 19:45:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2013-07-20 19:45:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2013-07-20 19:45:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-07-20 19:45:28 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-07-20 19:45:28 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-07-20 19:45:28 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-07-20 19:44:46 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-07-20 19:44:46 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-07-20 19:44:46 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-07-20 19:44:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-07-20 19:44:46 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-07-20 19:44:46 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-07-20 19:41:41 478208 ----a-w- C:\Windows\System32\dpnet.dll 2013-07-20 19:41:41 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2013-07-20 19:41:08 609792 ----a-w- C:\Windows\System32\vbscript.dll 2013-07-20 19:41:08 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-07-20 19:40:35 95744 ----a-w- C:\Windows\System32\synceng.dll 2013-07-20 19:40:35 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2013-07-20 19:40:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-07-20 19:40:01 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-07-20 19:40:01 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-07-20 19:40:01 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-07-20 19:40:01 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-07-20 19:40:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-07-20 19:40:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-07-20 19:39:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-07-20 19:39:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-07-20 19:39:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-07-20 19:32:06 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2013-07-20 19:32:06 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll . ============= FINISH: 10:33:24,38 =============== [/log] Attach: [log]. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2011-10-28 19:10:38 System Uptime: 2013-09-01 10:06:52 (0 hours ago) . Motherboard: MSI | | 870A-G46 (MS-7599) Processor: AMD Phenom(tm) II X4 965 Processor | CPU1 | 2176/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 166 GiB total, 32,659 GiB free. D: is FIXED (NTFS) - 300 GiB total, 7,993 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 Advanced SystemCare 6 AIMP3 ALLPlayer V5.X AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD AVIVO64 Codecs AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Amnesia - The Dark Descent Amnesia: Mroczny Obłęd Archiwizator WinRAR Ashampoo Burning Studio Elements 10.0.9 Assassin's Creed ASUS Smart Doctor ASUS VGA Driver µTorrent Battlefield: Bad Company™ 2 bl Burnout(TM) Paradise The Ultimate Box Call of Duty Black Ops [RevOps] Eng 08.07.2012 [RevOps] v1.4r Call of Duty(R) - World at War(TM) Call of Duty(R) 4 - Modern Warfare(TM) Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Codecs for Windows 7 Pack 4.0.5 Colin McRae. DiRT 2 Counter-Strike CPUID HWMonitor 1.21 DAEMON Tools Lite Dead Island Riptide Defraggler Dirt 2 Spolszczenie by O22y Driver Genius Professional Edition Dziobas Rar Player 0.009.52 ESET Smart Security Euro Truck Simulator 2 Fallout 3 Fraps (remove only) Frontlines: Fuel of War Google Chrome Google Update Helper Grand Theft Auto IV GTA3 PL GTAIII Heroes of Might and Magic III - Złota Edycja HI-TECH C51-lite V9.60PL0 HI-TECH PICC lite V9.60PL0 HydraVision IrfanView (remove only) Java 7 Update 13 Java Auto Updater LogMeIn Hamachi Mafia II Malwarebytes Anti-Malware wersja 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access MUI (Polish) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Polish) 2007 Microsoft Office Groove MUI (Polish) 2007 Microsoft Office InfoPath MUI (Polish) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Polish) 2007 Microsoft Office Outlook MUI (Polish) 2007 Microsoft Office PowerPoint MUI (Polish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Polish) 2007 Microsoft Office Proofing (Polish) 2007 Microsoft Office Publisher MUI (Polish) 2007 Microsoft Office Shared 64-bit MUI (Polish) 2007 Microsoft Office Shared MUI (Polish) 2007 Microsoft Office Word MUI (Polish) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Mozilla Firefox 23.0.1 (x86 pl) Mozilla Maintenance Service MPC-HC 1.6.4.6052 National Instruments Software Need for Speed Underground 2 Need for Speed(TM) Hot Pursuit Need for Speed™ Most Wanted NewFreeScreensaver nfsBalls02 NewFreeScreensaver nfsRadar NI Circuit Design Suite 11.0.1 Core NI Circuit Design Suite 11.0.1 Pro NI Circuit Design Suite 11.0.1 Pro Licenses NI EULA Depot NI Example Finder 9.0 NI Help Assistant NI Help Assistant (64bit) NI LabVIEW 2009 SP1 Run-Time Engine Web Services NI LabVIEW Real-Time NBFifo NI LabVIEW Run-Time Engine 2009 SP1 NI LabVIEW Run-Time Engine 8.6.1 NI LabVIEW Run-Time Engine Interop 2009 NI LabVIEW Web Server for Run-Time Engine NI LabVIEW Web Services Runtime NI LabWindows/CVI 9.0.1 Run-Time Engine NI License Manager NI Logos 5.1.3 NI Logos XT Support NI Logos64 5.1.3 NI Logos64 XT Support NI Math Kernel Libraries NI Math Kernel Libraries (64-bit) NI MDF Support NI MetaSuite Installer NI Service Locator NI TDMS NI TDMS (64-bit) NI Trace Engine NI Trace Engine (64-bit) NI Uninstaller NI Update Service NI Update Service Full NI USI 1.7.0 NI USI 1.7.0 64-Bit NI VC2005MSMs x64 NI VC2005MSMs x86 NI VC2008MSMs x64 NI VC2008MSMs x86 NI Web Pipeline 2.0.1 NI Web Pipeline 2.0.1 64-bit support NVIDIA PhysX OPC Core Components 2.00 Redistributable OpenAL ph PS TO PC CONVERTER Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Risen Risen 2 - Dark Waters RocketDock 1.3.5 Rockstar Games Social Club Saints Row The Third Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SHIFT 2 UNLEASHED™ Skype Click to Call Skype™ 6.3 Sniper Elite: Nazi Zombie Army Sony Ericsson Update Engine Sony PC Companion 2.10.108 Steam swMSM TeamSpeak 3 Client The Sims™ 3 Łatka polonizacyjna GTA IV v1.0 Unity Web Player Unlocker 1.9.1-x64 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Utility Warcraft III Warcraft III: wszystkie elementy Windows Live ID Sign-in Assistant Windows Media Player Firefox Plugin XSplit . ==== End Of File =========================== [/log] 4.GMER: [log]GMER 2.1.19163 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2013-09-01 10:41:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500413AS rev.JC4B 465,76GB Running: qv8imor7.exe; Driver: C:\Users\UYTKOW~1\AppData\Local\Temp\kxtdqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033b6000 63 bytes [00, 00, 17, 00, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610 fffff800033b6042 4 bytes [00, 00, 00, 00] .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88007228d64 12 bytes {MOV RAX, 0xfffffa8003dc92a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766187b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[1124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[1124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\AIMP3\AIMP3.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\AIMP3\AIMP3.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xc5a228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xc5a268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xc5a1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xc5a128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xc5a328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xc5a368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xc5a2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xc5a2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xc5a068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xc5a0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xc5a028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xc5a1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xc5a168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xc5a0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x6b7a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x6b7a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x6b79a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x6b7928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x6b7b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x6b7b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x6b7ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x6b7aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x6b7868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x6b78a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x6b7828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x6b79e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x6b7968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x6b78e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x63be28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x63be68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x63bda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x63bd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x63bf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x63bf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x63bee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x63bea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x63bc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x63bca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x63bc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x63bde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x63bd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x63bce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x5bf628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x5bf668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x5bf5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x5bf528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x5bf728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x5bf768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x5bf6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x5bf6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x5bf468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x5bf4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x5bf428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x5bf5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x5bf568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x5bf4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xe38228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xe38268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xe381a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xe38128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xe38328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xe38368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xe382e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xe382a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xe38068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xe380a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xe38028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xe381e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xe38168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xe380e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xf8aa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xf8aa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xf8a9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xf8a928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xf8ab28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xf8ab68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xf8aae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xf8aaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xf8a868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xf8a8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xf8a828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xf8a9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xf8a968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xf8a8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0x414628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0x414668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0x4145a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0x414528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0x414728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0x414768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0x4146e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0x4146a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0x414468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0x4144a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0x414428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0x4145e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0x414568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0x4144e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xdeb628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xdeb668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xdeb5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xdeb528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xdeb728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xdeb768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xdeb6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xdeb6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xdeb468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xdeb4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xdeb428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xdeb5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xdeb568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xdeb4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007713f9b1 7 bytes {MOV EDX, 0xf7c228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007713fbf5 7 bytes {MOV EDX, 0xf7c268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007713fc25 7 bytes {MOV EDX, 0xf7c1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007713fc3d 7 bytes {MOV EDX, 0xf7c128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007713fc55 7 bytes {MOV EDX, 0xf7c328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007713fc85 7 bytes {MOV EDX, 0xf7c368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007713fd05 7 bytes {MOV EDX, 0xf7c2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007713fd1d 7 bytes {MOV EDX, 0xf7c2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007713fd69 7 bytes {MOV EDX, 0xf7c068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007713fe61 7 bytes {MOV EDX, 0xf7c0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771400b9 7 bytes {MOV EDX, 0xf7c028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771410c5 7 bytes {MOV EDX, 0xf7c1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007714113d 7 bytes {MOV EDX, 0xf7c168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077141341 7 bytes {MOV EDX, 0xf7c0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 .text C:\Users\Użytkownik\Downloads\qv8imor7.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75] .text C:\Users\Użytkownik\Downloads\qv8imor7.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a5f1c] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a5cc0] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a669c] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010a6a98] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a68f4] \SystemRoot\System32\Drivers\sptd.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-6 fffffa800279e2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800279e2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800279e2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800279e2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800279e2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800279e2c0 Device \Driver\agweu8kn \Device\Scsi\agweu8kn1 fffffa8003f172c0 Device \Driver\anthxtbz \Device\Scsi\anthxtbz1 fffffa8003f872c0 Device \FileSystem\Ntfs \Ntfs fffffa80028542c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa8003e3c2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8003e592c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8003e592c0 Device \Driver\cdrom \Device\CdRom0 fffffa80039ca2c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa8003e592c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8003e3c2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa8003e3c2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8003e3c2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80037be2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9247C03A-EF62-421C-8608-B808EE5718B1} fffffa80039c82c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa8003e3c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0DEE9890-EEE6-4602-B5A6-F74D4A6C497F} fffffa80039c82c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8003e592c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8003e592c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80039c82c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa8003e592c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8003e3c2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800279e2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8003e3c2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8003e3c2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800279e2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800279e2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800279e2c0 Device \Driver\agweu8kn \Device\ScsiPort4 fffffa8003f172c0 Device \Driver\anthxtbz \Device\ScsiPort5 fffffa8003f872c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800279e2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800279e2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800381b060] fffffa800381b060 Trace 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> [0xfffffa80036ec9b0] fffffa80036ec9b0 Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80037a2060] fffffa80037a2060 Trace \Driver\atapi[0xfffffa8002892530] -> IRP_MJ_CREATE -> 0xfffffa800279e2c0 fffffa800279e2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\agweu8kn.SYS fffff88007265000-fffff880072a7000 (270336 bytes) Module \SystemRoot\System32\Drivers\anthxtbz.SYS fffff88006f8e000-fffff88006fdf000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167ca0a16 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167ca0a16@2021a5715d63 0xF6 0x0B 0x70 0x82 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD8 0x36 0xD1 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x88 0xEE 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0xF0 0x19 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x6A 0x41 0x55 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167ca0a16 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167ca0a16@2021a5715d63 0xF6 0x0B 0x70 0x82 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD8 0x36 0xD1 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0xEA 0xD2 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0xF0 0x19 0xE8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x6A 0x41 0x55 ... ---- EOF - GMER 2.1 ---- [/log] Co mam zrobić?
Natsuki Kuga komentarz 2 września 2013 komentarz 2 września 2013 Wywaliłem z systemu IE Przy okazji, IE nie powinno się odinstalowywać z systemu, ponieważ to jego integralny składnik i potem mogą wyskakiwać różne dziwne komunikaty/ problemy. SRV:64bit: - [2013-07-20 22:46:35 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) Samodzielnie wyłączałeś usługę Windows Defendera, czy sama się zatrzymała?1. Do OTL w okno Własne opcje skanowania/Skrypt wklej: :OTL File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI File not found (No name found) -- C:\USERS\UĹĽYTKOWNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OQOQHLRN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKU\S-1-5-21-3248170762-2093296095-4103811931-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. Kliknij Wykonaj skrypt, pokaż raport.2. Zaglądnij do apletu Dodaj/usuń programy. Czy znasz lub używasz aplikacje o nazwach: ph, bl ?
Bolqu komentarz 2 września 2013 Autor komentarz 2 września 2013 1. Nie usunąłem IE tylko odznaczyłem w "Włącz lub wyłącz funkcje systemu Windows". 2.Sam odznaczyłem tego Defendera bo nie wiem po co mi on :D3. RAPORT ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-3248170762-2093296095-4103811931-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. OTL by OldTimer - Version 3.2.69.0 log created on 09022013_215033 4. W aplecie Dodaj/usuń programy nie zauważyłem żadnej takie aplikacji "pf,bl" (nie wiem co to ma być i co to znaczy ^^).
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.