Shimek, posted 26 December 2013 (edited)

Hello, over the past year a lot of junk has piled up on my computer, its performance has dropped, and a lot of errors along the lines of 0xc00007b keep appearing. I did what they said to do on the intranet, but nothing helped. Since I have a problem, I will post the logs one at a time, because when I tried to post everything at once it threw some error at me 3 times already.

OTL

[log]OTL logfile created on: 2013-12-25 10:37:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,95 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,66% Memory free
7,89 Gb Paging File | 5,96 Gb Available in Paging File | 75,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb Total Space | 85,87 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,84 Gb Total Space | 1,43 Gb Free Space | 77,63% Space Free | Partition Type: FAT
Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-12-25 10:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Downloads\OTL.exe PRC - [2013-12-08 18:08:07 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-11-08 21:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe PRC - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-01-03 13:05:36 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) 
-- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2011-01-29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-01-12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - 
[2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2013-02-13 12:36:16 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013-01-10 18:29:08 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll MOD - [2013-01-10 18:29:08 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll MOD - [2013-01-10 09:37:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013-01-10 09:36:42 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013-01-10 09:36:33 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013-01-10 09:36:29 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013-01-10 09:36:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013-01-10 09:36:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013-01-10 09:36:20 | 011,493,376 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2011-08-14 13:30:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011-02-16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2011-02-16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll MOD - [2010-11-13 03:37:37 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-12-08 12:32:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64) SRV:64bit: - [2013-11-08 21:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:64bit: - [2011-05-12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011-05-02 15:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011-05-02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011-05-02 15:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-12-16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem) SRV - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive) SRV - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-05-11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe 
Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2012-04-30 17:17:38 | 000,104,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - 
[2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-05-31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-10-23 11:30:23 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013-09-28 00:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2013-04-04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013-04-03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2013-04-03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2013-04-03 08:58:08 | 
000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2013-04-03 08:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2013-04-03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2013-01-06 17:25:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-10-01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011-10-01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011-10-01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011-10-01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011-08-14 22:29:45 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011-08-14 22:29:43 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011-08-14 22:22:35 | 000,020,064 | ---- | M] (Ensurebit Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan) DRV:64bit: - [2011-08-14 22:22:35 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex) DRV:64bit: - [2011-08-14 13:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-08-14 13:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-05-13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011-05-13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011-05-13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011-05-13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011-05-13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011-05-13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011-05-09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011-05-01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011-03-26 02:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011-03-21 06:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011-01-29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011-01-12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-12-13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010-12-01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | 
---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-10-15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-03-02 19:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk) DRV:64bit: - [2010-03-02 19:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile) DRV:64bit: - [2009-07-21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013-03-14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258 IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: 
"URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.lenovo.com IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://www.lenovo.com IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://start.qone8.c..._S0RUNYAB604258 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =http://www.lenovo.com/ [binary data] IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://start.qone8.c..._S0RUNYAB604258 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =http://www.bing.com/...rc=IE-SearchBox IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =http://www2.delta-se...120695&tsp=5007 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" 
=http://start.qone8.c...q={searchTerms} IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =http://www.google.co...1I7LENN_plPL500 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" =http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" =http://websearch.sof...q={searchTerms} IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..browser.startup.homepage: "" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-01-03 13:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-03 13:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff [2013-11-23 01:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff [2013-11-25 22:47:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [2013-12-11 00:52:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha872.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ff [2013-12-21 17:01:42 | 000,000,000 | ---D | M] [2013-05-26 22:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Extensions [2013-12-08 13:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions [2013-10-23 17:33:18 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [2013-10-23 17:32:45 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\firefox@lemurleap.info [2013-09-16 22:04:24 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013-05-26 22:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013-05-26 22:57:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-12-21 17:01:42 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF [2013-10-23 17:33:07 | 000,000,665 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: No name found = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\ CHR - Extension: Google Wallet = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Better Surf Plus) - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll File not found O2 - BHO: (Webexp Enhanced) - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files 
(x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Spotify Web Helper] C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - 
HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F810A68-84E5-4561-B3D1-DFEC470A3F73}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6F30F37-AD2C-4EDA-B51D-7BDD9EEF212C}: DhcpNameServer = 8.8.8.8 8.8.4.4 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll 
c:\windows\system32\nvinitx.dll) - File not found O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM 
BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-12-25 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Raporty [2013-12-25 10:09:57 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth [2013-12-25 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013-12-21 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1 [2013-12-15 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Carambis [2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carambis [2013-12-08 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carambis [2013-12-08 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\TempDIR [2013-12-08 12:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO [2013-12-08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2013-12-08 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Autodesk [2013-12-08 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk [2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared 
[2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2013-12-08 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2013-12-08 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2013-12-08 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2013-12-08 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Xfire [2013-12-08 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Xfire [2013-12-08 11:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire2 [2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire2 [2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2013-12-08 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2013-12-08 11:32:38 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\cache [2013-12-08 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Documents\Mobogenie [2013-12-08 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Mobogenie [2013-12-08 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie [2013-12-06 08:51:21 | 000,000,000 | ---D | C] -- C:\Intel [2013-11-25 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Better-Surf [3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-12-25 10:16:53 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 10:16:53 | 000,021,280 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 10:15:22 | 001,676,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013-12-25 10:15:22 | 000,743,058 | ---- | M] () -- C:\windows\SysNative\perfh015.dat [2013-12-25 10:15:22 | 000,656,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013-12-25 10:15:22 | 000,156,786 | ---- | M] () -- C:\windows\SysNative\perfc015.dat [2013-12-25 10:15:22 | 000,122,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013-12-25 10:09:51 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-25 10:09:21 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RMAutoUpdate.job [2013-12-25 10:09:18 | 000,000,360 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job [2013-12-25 10:09:11 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-25 10:09:05 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013-12-25 10:08:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013-12-25 10:08:14 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys [2013-12-24 19:56:08 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RMSchedule.job [2013-12-16 22:12:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-12-16 22:10:59 | 000,064,103 | ---- | M] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg [2013-12-08 18:05:16 | 000,005,033 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe [2013-12-08 17:56:54 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Driver Updater.lnk [2013-12-08 17:39:25 | 000,509,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013-12-08 17:20:20 | 017,053,578 | ---- | M] () -- C:\Users\LENOVO\Desktop\SIPS.rar [2013-12-08 12:37:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk [2013-12-08 12:36:31 | 000,002,003 | ---- | M] () -- 
C:\Users\Public\Desktop\Autodesk 360.lnk [2013-12-08 12:33:23 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013-12-08 12:32:02 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk [2013-12-08 12:24:42 | 001,649,090 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013-12-08 12:14:26 | 000,001,061 | ---- | M] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2013-12-08 11:37:09 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk [2013-12-08 11:35:20 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-11-26 12:08:33 | 000,007,606 | ---- | M] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg [3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-12-16 22:10:58 | 000,064,103 | ---- | C] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg [2013-12-08 18:05:16 | 000,005,033 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2013-12-08 17:56:54 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Updater.lnk [2013-12-08 17:20:19 | 017,053,578 | ---- | C] () -- C:\Users\LENOVO\Desktop\SIPS.rar [2013-12-08 12:37:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk [2013-12-08 12:36:31 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk [2013-12-08 12:33:23 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013-12-08 12:32:02 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk [2013-12-08 12:14:25 | 000,001,061 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2013-12-08 11:37:09 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk [2013-12-08 11:35:20 | 000,001,070 | ---- | C] () -- 
C:\Users\Public\Desktop\Picasa 3.lnk [2013-11-25 11:16:23 | 000,007,021 | ---- | C] () -- C:\Users\LENOVO\Desktop\jolo.rtf [2013-10-16 20:55:56 | 000,000,977 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\recently-used.xbel [2013-09-21 17:27:26 | 000,007,606 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg [2013-07-07 15:08:38 | 000,000,331 | ---- | C] () -- C:\windows\game.ini [2013-02-05 16:52:54 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2013-02-05 16:52:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2013-02-05 16:52:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2013-02-05 16:52:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2013-02-05 16:52:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2013-01-02 22:57:03 | 000,000,367 | ---- | C] () -- C:\Program Files (x86)\conquer.ini [2012-12-28 22:04:22 | 000,036,352 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll [2012-12-01 17:24:36 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2012-12-01 17:24:35 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2012-10-12 01:50:40 | 000,049,738 | ---- | C] () -- C:\Program Files (x86)\AutoMapa EU.md5 [2012-09-29 23:50:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2012-09-29 23:50:28 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2012-09-29 23:50:28 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll [2012-09-29 23:50:28 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012-09-29 23:50:26 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2012-09-22 12:51:41 | 000,361,096 | ---- | C] () -- C:\windows\SysWow64\lead3dengine.dll [2012-09-08 23:09:27 | 000,000,243 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\GPU Meter_Settings.ini [2012-09-08 23:08:01 | 000,000,532 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\All 
CPU MeterV3_Settings.ini ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-12-06 08:20:38 | 000,000,000 | ---D | M] -- 
C:\Users\LENOVO\AppData\Roaming\.minecraft [2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium [2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre [2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis [2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software [2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite [2013-10-23 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Dealply [2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com [2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture [2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster [2013-05-02 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\iPumper [2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView [2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient [2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone [2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband [2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt [2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung [2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client [2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland [2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify [2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl 
[2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay [2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft [2013-09-16 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\systweak [2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP [2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client [2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote [2013-12-25 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent [2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net [2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < C:\*.* > [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () -- C:\AutoMapaSetupLog.txt [2013-05-02 18:06:55 | 000,000,000 | ---- | M] () -- C:\END [2013-12-08 13:23:15 | 002,384,644 | ---- | M] () -- C:\FaceProv.log [2013-12-25 10:08:14 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys [2013-12-25 10:08:20 | 4236,099,584 | -HS- | M] () -- C:\pagefile.sys [2011-08-14 21:59:35 | 000,002,150 | ---- | M] () -- C:\RHDSetup.log [2013-05-14 07:15:32 | 000,357,814 | ---- | M] () -- C:\SDK Manager.exe [2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009-07-14 06:08:49 | 000,032,604 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2011-08-14 22:20:05 | 000,001,058 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2011-08-14 22:20:05 | 000,001,062 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2013-01-15 17:44:23 | 000,000,286 | ---- | C] () -- C:\windows\Tasks\RMSchedule.job [2013-01-15 19:00:00 | 000,000,286 | ---- | C] () -- C:\windows\Tasks\RMAutoUpdate.job [2013-06-03 11:08:43 | 000,000,350 | ---- | C] () -- 
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013-10-23 17:32:32 | 000,000,360 | ---- | C] () -- C:\windows\Tasks\AmiUpdXp.job < D:\*.* > [1 D:\*.tmp files -> D:\*.tmp -> ] < E:\*.* > < F:\*.* > [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () -- F:\autorun.inf [2012-09-29 13:15:12 | 000,023,558 | R--- | M] () -- F:\icon.ico [2012-09-28 18:48:08 | 998,655,488 | R--- | M] () -- F:\setup-1.bin [2012-09-28 18:57:55 | 1000,000,000 | R--- | M] () -- F:\setup-2.bin [2012-09-28 19:04:53 | 1000,000,000 | R--- | M] () -- F:\setup-3.bin [2012-09-28 19:09:14 | 1000,000,000 | R--- | M] () -- F:\setup-4.bin [2012-09-28 19:15:34 | 1000,000,000 | R--- | M] () -- F:\setup-5.bin [2012-09-28 19:23:50 | 1000,000,000 | R--- | M] () -- F:\setup-6.bin [2012-09-28 19:25:09 | 072,691,766 | R--- | M] () -- F:\setup-7.bin [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) -- F:\Setup.exe < G:\*.* > [2013-11-11 11:11:02 | 000,000,512 | -H-- | M] () -- G:\NIKON001.DSC [2011-11-21 21:22:42 | 000,022,059 | ---- | M] () -- G:\1.5Sciaga - bramki logiczne (kolos 2).docx [2011-11-21 21:22:44 | 000,510,432 | ---- | M] () -- G:\1.6Sciaga - klad sterowania silnikiem (kolos 2).docx [2011-11-21 21:22:44 | 000,054,272 | ---- | M] () -- G:\ciaga - bramki logiczne (kolos 2).doc [2011-11-21 21:22:46 | 003,208,192 | ---- | M] () -- G:\ciaga - klad sterowania silnikiem (kolos 2).doc [2013-12-05 13:36:58 | 000,181,078 | ---- | M] () -- G:\sciaga new.docx [2013-12-08 23:19:06 | 000,385,536 | ---- | M] () -- G:\PID Grupa 3 (1).doc < H:\*.* > < %ALLUSERSPROFILE%\Application Data\*. > < %APPDATA%\*. 
> [2013-12-06 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft [2013-03-25 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Adobe [2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium [2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre [2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis [2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software [2012-09-06 08:49:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\CyberLink [2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite [2013-10-23 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Dealply [2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com [2013-10-30 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dvdcss [2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture [2012-09-06 19:00:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Google [2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster [2012-08-20 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Identities [2012-08-20 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel [2012-08-20 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel Corporation [2013-05-02 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\iPumper [2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView [2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient [2013-03-18 10:04:55 | 000,000,000 | ---D | M] -- 
C:\Users\LENOVO\AppData\Roaming\Macromedia [2013-05-20 09:21:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Malwarebytes [2011-02-22 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Center Programs [2013-12-04 16:07:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Player Classic [2013-12-08 19:49:43 | 000,000,000 | --SD | M] -- C:\Users\LENOVO\AppData\Roaming\Microsoft [2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone [2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband [2013-05-26 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mozilla [2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt [2013-03-17 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NVIDIA [2013-03-24 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Real [2013-01-03 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\RealNetworks [2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung [2012-09-08 07:58:53 | 000,000,000 | RH-D | M] -- C:\Users\LENOVO\AppData\Roaming\SecuROM [2013-07-14 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Skype [2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client [2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland [2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify [2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl [2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay [2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft [2013-09-16 22:04:34 | 000,000,000 | ---D | M] -- 
C:\Users\LENOVO\AppData\Roaming\systweak [2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP [2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client [2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote [2013-12-25 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent [2013-12-22 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\vlc [2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net [2013-12-01 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Winamp [2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer [2012-09-06 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\WinRAR [2013-12-25 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Xfire < %SYSTEMDRIVE%\*. /mp /s > < MD5 for: AGP440.SYS > [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 02:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: BEEP.SYS > [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys < MD5 for: EXPLORER.EXE > [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: NTFS.SYS > [2010-11-21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys [2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys [2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys [2012-08-31 18:57:17 | 001,687,408 | ---- | M] (Microsoft Corporation) MD5=B2746D84DDF68D09B41B72DF745CCBA6 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys [2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\windows\SysNative\drivers\ntfs.sys [2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys < MD5 for: SVCHOST.EXE > [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe [2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe 
< %systemroot%\system32\ws2_32.dll /md5 > [2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\windows\system32\ws2_32.dll [3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %systemroot%\system32\kernel32.dll /md5 > [2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\windows\system32\kernel32.dll [3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %systemroot%\system32\user32.dll /md5 > [2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\windows\system32\user32.dll [3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.* /lockedfiles > [2013-09-27 23:04:08 | 000,032,604 | ---- | M] () Unable to obtain MD5 -- C:\windows\Tasks\SCHEDLGU.TXT ========== Restore Points Found ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Users\All Users] -> -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Users\All Users\Temp:373E1720 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 @Alternate Data Stream - 118 bytes -> C:\Users\All Users\Temp:D1B5B4F1 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report >[/log] [log]OTL Extras logfile created on: 2013-12-25 10:37:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LENOVO\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,66% Memory free 7,89 Gb Paging File | 5,96 Gb Available in Paging File | 75,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,20 Gb Total Space | 85,87 Gb Free Space | 12,55% Space Free | Partition Type: NTFS Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,84 Gb Total Space | 1,43 Gb Free Space | 77,63% Space Free | Partition Type: FAT Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) 
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00284394-2116-4149-BB35-2CF5B9BA8CF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{015E5DC5-50C2-477B-B905-593FED13FEB1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{01609325-7311-4A00-BD86-B534D5FC2305}" = lport=4000 | 
protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{05AB83EB-106E-4EFF-868A-5AAED1E9D2A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{074DBF41-6A20-4F0D-AEE2-AF5AA2D48773}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{08AB2D4A-E1E4-4C4D-B70C-F767DC3E160E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0C02F7C2-8898-426C-B1A0-C5270FA52C93}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0D0E1ABC-C63E-4300-89FE-A396F55BFD07}" = lport=137 | protocol=17 | dir=in | app=system | "{0EA7551E-791E-4799-AAED-40FA925A0A5A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0FA1652D-EA08-487A-83C3-71A9789B6D51}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{1132620B-DC85-483C-BB0C-757D652640B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{13D95EE3-7292-42EE-90EB-117EAE0A059B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{144321A8-AFDE-4759-A1A1-9E7576414BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{16421530-85BD-4F7B-8966-C0904A62F71D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{183988D9-8B39-4428-B7FC-BEF0B7B92920}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{1DAA1024-5FD2-4DF3-B033-8B107DDE30F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{20CD04E5-8C83-4F30-A393-4C7CBF16F9F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22839C91-349E-48FA-93B1-F2FCD79A4C2F}" = lport=445 | protocol=6 | dir=in | app=system | "{247D7930-E24E-4B12-82E9-53646FAAA258}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{27CEA744-5515-4E5D-A040-1E10385E0E94}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{280883F2-7D9B-4CDC-9538-CBAAC44527CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2D5B442F-F175-4DB0-A87D-4595BAA16E31}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2E3B9F3F-FE32-4F5B-A504-0F54CBE74549}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{31F61F4D-5A00-4D03-9A50-53FE793BCB91}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | "{3540B676-94B2-436F-A328-6D6BFA31BED4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{3B5A7193-9809-4607-92A1-1CEFA8974780}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{4287E584-6B9C-4A2C-99EE-2EE8F5C29188}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{45FCE0AF-EE5C-4D16-9760-7A0A60043E44}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{4653F749-669C-4DC6-8736-936CFDF16C34}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{48136FDB-FB28-4DD4-96C0-F6282D01300F}" = rport=137 | protocol=17 | dir=out | app=system | "{4D003921-65D9-45F7-B951-E521ED614E6C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{4E43BFE1-B5A3-47F7-BA9E-075B87DFBDEF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F539E57-23A5-4AF4-951A-F62F6BC9E587}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{506C2E0E-16C3-41EF-BB76-BF078046CEDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{5172EA81-FD00-42A6-8D30-A714BE3133A8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{554F8E52-C483-4FA6-8A04-77CB2A2FFD57}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{576234EA-1F18-4784-B09B-422628E3F037}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{5CF89D47-BF0B-458F-8912-E84963FB2DAC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{604B00FA-4961-4BA1-A89E-75DC936F6ABC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{61BD374A-8DA2-4988-8AB3-C85451F3C542}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{639E2D5E-F77B-43B3-87A1-1B31998B6B94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65F96DE0-574E-4B96-ACC3-97E2A2E630E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{66A21133-F135-4367-8250-06559E4A041E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{6C1298ED-6617-42F9-BC6B-EA2C7975DD22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{71B48B80-1EBB-4E11-A0C8-979CBD106113}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{73EF1FDF-56BC-498C-9746-B294F821A43C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{76044B5F-73EA-4F94-8EF1-B75335ED96EB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{79AFAD96-388F-49AE-A99B-1E4F2835E57F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7CC6E6AB-7133-4D91-9C89-146E51FBB371}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7CCA8B86-4CD8-4767-8D6B-1A35423D46F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7E28139E-0ADE-4191-9E2E-17A325010FC2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{858303E6-E258-41E7-B9BD-EED388AF58F9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8608DD88-D79C-4A4B-BC42-ECCBC8F948B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{867C26E7-884A-4B45-A8B5-CCDFE3B16763}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{86A5B6D2-3757-4827-803E-8888E2E1C08B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{876434D2-B4D6-4EAE-8323-5F74DB7EEE71}" = lport=10243 | protocol=6 | dir=in | app=system | "{87E5BC75-74DA-48AF-92B7-38DF84AA4094}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{89C631A9-2324-429D-A85D-10B938EDAB74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8A3C14D9-595D-4312-A3E8-1C173963F74A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8B004AA5-2712-4F63-83DF-17DFE06C176E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8E8987E3-5476-4BD6-B3DA-ED5718B5850D}" = lport=4000 | protocol=6 
| dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{912D528E-CDC0-4417-9BA6-B4E5B65B294A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9274D888-2035-48B4-A5F6-2EFA737B6904}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{93F86853-FC62-4E6D-B0DB-3CFFFD38A9AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{943FFEE9-C40F-4CB4-A902-9DC255CB8534}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9503F94A-6FE1-44D3-8905-C314556B57CC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{965882FD-D2CF-49B6-AB4F-8F853A2936E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{96FA16BB-A150-4497-BE63-232CB12AA369}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9715BCA0-CDCA-4B10-B4BD-C32FD4039B90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9797DF38-4960-43BC-BFF1-F6071CB23E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9869D7A2-0327-4217-B36C-1A3052E91209}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AA974880-E81C-4766-B83C-9DE7A10694F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AABE4538-9A09-498F-8B5E-6837C9DF2E9E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AB4CB067-8A3D-4846-82F0-167E5BF32340}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B15A3BE8-BB85-47D5-9810-BABB825E8EE7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files 
(x86)\dll-files.com fixer\dllfixer.exe | "{B21C54DC-3F0A-44AB-ADB7-7E3D3F27153D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B2B1589C-BF5C-4275-9341-29369DB7C0EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B3EA4841-6A2E-45CB-AC9A-4C5149C53136}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B50AF6D4-43E5-4F86-AEF0-A91A136F336C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B761C800-2629-4B66-85AA-FB20ECEBCE03}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B76BE707-0A26-42B0-978B-4FEB39B4DAD9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{BA654490-A946-48F2-8333-AF8CD96A8649}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C0213AEB-E58A-4FB3-8B01-A405DB4036F8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C8C2AAA5-8353-4AC3-8951-9E47E218C4A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C9E94E0E-0068-4AEF-B378-A1225C1E06F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CA448C3C-647D-4D82-A3DD-57CB22853178}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{CB14571B-B445-4F5A-924F-3435FAFF02D3}" = rport=138 | protocol=17 | dir=out | app=system | "{CB3C92CF-C905-4E04-939C-FEF136CA30D3}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB96D694-20AB-4EE4-A5D5-0D7DFA76200B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CBB1E01D-D692-434F-AEA3-B1065D82D23D}" = lport=2869 | protocol=6 | dir=in | 
app=system | "{CC11EEBD-F0E9-43C3-B787-7DCFCA0EF60C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CE649C20-A7C4-418D-9080-74990C500A0C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CF87B366-A025-4873-A369-86C561B5FDEC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CFB13FC5-287F-4D9D-A7CF-9D2DB6456F95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{D347674C-5A5B-495F-BA4A-04CB3462232C}" = lport=138 | protocol=17 | dir=in | app=system | "{D3828CAF-C145-43E7-868D-0A75E2969C27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D57BF949-AE76-40B5-9484-369E0A7FAE9F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{DDAB8F5C-B2E2-4F73-902B-C173D5A25187}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{DDB1E0FC-12A4-42AB-8A54-9A2CEE7EB00A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E0B163F4-EA2B-488B-8784-BF5364A39CC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E12AFDC4-D861-4383-9B9B-B1DEF5A21E63}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E60FE32E-2F06-4604-8CD6-63E50DEBC7D1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E669D472-2764-4616-843F-F2B9389154BF}" = rport=139 | protocol=6 | dir=out | app=system | "{E739A004-0345-4610-A08F-DC5F4A72D50B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E76D0ED4-2F99-46FF-93BD-92B56E1EE9F4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com 
fixer\dllfixer.exe | "{EAA95423-383A-41C3-B7B1-AAAFDB0E2D20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{EB7F0179-80D7-4E83-A7EE-882D1380DAEC}" = lport=139 | protocol=6 | dir=in | app=system | "{EBA68078-EBD1-4405-BE3C-5DCF67A74080}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EBDAF1F6-AD79-4723-9BE5-00BE64A13FFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EC0B0327-457B-4755-BB7E-6FFEB9FB149A}" = rport=445 | protocol=6 | dir=out | app=system | "{ECB547D9-ABF8-4351-B5CA-E56081CC8F20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{ECB87683-4BD0-45F0-80D6-54D09041E7AB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{F6CDAF9F-7D6F-4F26-9023-8A5BCF85A2E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{F72F6D7D-7702-486B-AC84-EA5A222B1628}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{F790E314-FF3E-479B-B9ED-E0507EE9564A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{F87B333A-CEC1-4E67-88E6-717BF831AD1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FA206C15-30DB-4529-B26E-D71AA749D3A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB37109D-772D-44D0-ABE4-83F675DEF834}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FB5A1A88-8DBC-40C0-B916-B0446F28236C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FBEAF515-083C-44F0-8C15-58625D8B22EA}" = lport=4000 | protocol=6 | dir=out | 
app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0236D2F0-6D40-4128-A3D7-47E034C15A70}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{07749E15-EBC1-431D-969E-22CF277557AD}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | "{09087FA3-5B42-49E2-8B67-2BFC15EA7365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{0D4807B4-DB09-47A7-AD6B-CC7389CF67A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0DC91BAD-B173-4529-919D-ADFD360D1CBB}" = dir=in | app=en_conquer2.0_5672_p2p.exe | "{0E6A9C3B-76C8-4026-AE57-B51C9EBAED2A}" = protocol=6 | dir=out | app=system | "{11FA61C2-D568-4BE8-A7C7-D095A497BCBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{150F8C5C-8B6C-4F08-AF7B-3A9FC93A690E}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{1EAAA9FA-02AA-4C94-B8B0-EB1B7D4A75FF}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{1FCC02C6-F754-4B24-BB49-42D97A0E9206}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{2AE31A33-F389-46EC-BEED-5185B5A91A3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2B61A2C8-94EF-4662-8185-F7C0CF49B80C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{2EBE009E-72DA-448C-A66E-2EC2B93A1048}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2F6634D1-6564-4E45-8315-A0B199D82399}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2FCE2662-3ED3-476C-8AC5-6D397E5EB7CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{314529B9-794B-4E0F-8274-3854EF161A15}" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{3223B7E9-E198-4FC4-854C-1D1A17CFCC45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{33CA2EAC-AFF5-4986-9337-6FD52A135A53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{341D414B-6419-4715-85BF-96E69070C9BE}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{3604235A-FD4D-42AB-9899-0BE9FE7D31C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3F2CA85C-B710-417B-A8E2-FD145E80EC69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3FF5B906-2C86-4570-A7D4-56E792D3949F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4270301A-647D-4E4D-BB31-3C0DC4969E4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4692770B-E033-4D5E-8462-A8FC45C05DDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{46C72F9F-517B-4941-8618-9DD8AF17285C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{46FBA5CB-FE67-4858-9871-11C8C66F2488}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | "{47BDB793-C6B1-462C-BF3B-554FC51F7B1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{47DA8A68-CF15-4170-91BC-6C6AAB9BCEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{50F3C4D2-DD29-4F09-82D3-1D9A0D9B5E38}" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | "{51001564-9174-4F47-B9D7-9EF825CCA686}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{514E1FC2-7CF9-44F5-BA3E-53168DEDE48F}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{543EC40F-2251-40F0-AC42-0B954E581C16}" = 
protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5777879E-3C04-4DD4-AD12-4EE5CF00797F}" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | "{5B7643FE-C568-4D71-B9C9-DD884CCD090C}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{5F20E8F7-3C82-4435-822C-36642980F570}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{60177FEF-4981-4DB6-823E-452DFE688882}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | "{61C9B95C-BD6A-43E9-910B-DF4A3D8EA3E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{65B7588A-B2C7-4EE6-83AC-25A73A47A217}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | "{68EC2B4F-5786-404A-8A7D-074C62F77541}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | "{6F8A3786-B3EA-4ECA-93B1-484D20DA4E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6FA5A6E4-2F6C-4B17-8C05-5DA66BC9CF7A}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{709906C2-BE20-4A53-BD72-32AFF4E3B75C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{72894430-DD36-4AC5-BF73-927F26AE98E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{72F22D0F-47E1-4F34-AC5C-BA86CD24DAEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{79DA61A5-D08D-468C-8115-60073C7CA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BA53642-DB52-4C37-8AE1-D14DBD45777D}" = dir=in | app=c:\users\lenovo\documents\the war z\infestation.exe | "{7CF3CCAF-9B42-4911-9ABF-C04965CC14C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{816699FB-6D9C-4EC0-9FB7-584989A28E80}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{832FEB0B-703D-4FF3-B2FE-F8E0B1DEC0DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{86949F07-CA66-4B5C-827B-D2B0EB3E9E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{90DC654D-E98C-4C59-A870-49D5139D700A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93D8D874-ACA4-48CC-BF68-143F92E5608A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{944C1815-88E5-4143-ADD9-84145A92E49C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{99CC8BC0-5C1D-4ED0-91C4-37698F2F11E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B75429B-676D-437D-8B5C-D0000C2DA97D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | "{9E20D3AC-47F4-4ECB-BB52-1DECAEFBDD78}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{9E76E761-B500-4C50-8A66-F25B9BDD8E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{A3EA0028-9016-46B4-A8AE-C355CF0407A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A3FF718A-2168-4C2E-969C-46971B888618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A853715F-E5B9-4C88-9307-E732C39EA4E9}" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | "{AE5209E6-2A24-40E3-9A76-5F1F905B502B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B02508A6-1CEB-41B0-9B8D-7E96C2A78F13}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B3E6D370-54F6-40D6-98BA-3D89D71AD74A}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | "{B9D691E2-A07E-44EE-AB47-405BD25867A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAA0AC06-A2AC-42CB-AAFF-49661DF08D14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BB485344-D3A6-4029-B0A3-CA8930EEDDAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C0F3113E-AE20-4C84-AC9B-A7286F6A22C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C624451E-5DCB-40C4-815B-AEDF7E314F85}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | "{CC2751C3-5CF6-4F87-9358-694267571473}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | "{D20EE982-9D73-4101-823E-AEF2BC1C1456}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D2115566-301E-405D-ADDB-EED6FB6B7DA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D871BE7D-5CA8-4CE3-8A37-50C7609660B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{DE49FCFC-4DC4-4EF9-923A-3A20CA15458F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{E08DC02B-19C2-48C1-8E94-E7C6160AA60A}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{E1D7AA0C-4C60-45E1-8FB0-3B8F97D672BF}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{E40692C0-2544-43E0-B5C1-B505C1507E77}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | "{EA1F64C2-8D25-439D-9706-F1C6FF0D664A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{ED655BCC-BF1C-4995-891B-A7CA0E2764A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{EE0CF172-8D20-47F9-A1B6-8E2870FDBE40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F31E212D-3FE4-47EF-8FC0-7EE6BA26E3FC}" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | 
"{F78BCE7A-2BA6-4F63-A16F-F545B44DF7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{FA749B5E-722F-4FF6-8E09-B2281368313B}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{FE51F0E4-4DBE-464B-98FA-2230363C1E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{10C9A020-2F34-4484-B30A-14FE28F801D2}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "TCP Query User{1F52B65F-D708-4C5C-881B-256C70001007}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | "TCP Query User{3FAE5A84-012A-4C39-9084-64356C4AD1E5}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | "TCP Query User{4B51905D-FD8C-40A5-8653-DF9E9C23F675}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | "TCP Query User{53740572-F87D-4CEB-B5C5-B5A229E82EC3}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "TCP Query User{56C97260-924D-49A4-8C61-D881679E621E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{58F3D8DE-BD77-4A24-B2F7-AED72C670861}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "TCP Query User{6055B389-B673-4EC9-8747-4CAB6C9AF35D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{70E77753-182D-4AB3-8E37-6C971101C4F7}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\payday 2\payday2_win32_release.exe | "TCP Query User{7A6F41C2-53C0-43F2-A510-FD7AEC7CB812}C:\games\panzar\start.exe" = protocol=6 | dir=in | app=c:\games\panzar\start.exe | "TCP Query User{92ACB85B-21A1-43AF-BFCA-94EFB257EE1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A4E5788C-0DF2-4CC2-A5D1-4251921C32CE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{B84A213E-FFBD-46CA-9427-76E36AE9F853}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{BAE7D4A4-D742-451A-8084-842B3B1B3030}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "TCP Query User{CF2325C4-D324-4B57-9A2B-B413B4B69331}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{0E576E0A-C59C-496A-ADA0-445B5CA81EDC}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | "UDP Query User{491DBB90-9D2A-4DAE-8E6A-9307D3FED337}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "UDP Query User{5B630CB1-4E4E-4C07-B07C-5CC62628FC6E}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "UDP Query User{5F825AF1-3788-49C5-B924-B66095259CE0}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "UDP Query User{615A6871-23B9-4057-98AC-F4EBE0D37A46}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\warthunder\aces.exe | "UDP Query User{6188F97A-A74E-4FCB-81EF-18EFFD1FB05B}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | "UDP Query User{7521A588-CD8D-47AE-B586-1919AD3FEB6C}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "UDP Query User{9810CA24-F82D-4D7F-9B9B-B7F78802F7FF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{A3759242-E424-4F85-AEF8-914878F57EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{BEF32B76-B9CD-49DD-9760-56D027630C4A}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | "UDP Query User{E3175780-AA0B-4A12-A0B7-FB23019B6BDB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{EE9969C7-5005-4EFC-B74C-66FF538FF797}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{F24270A3-604C-48B8-B33B-5CF6693DE566}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{F7416C9C-BF49-4F50-A91C-16532D0D092C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{FF0B1C03-70E2-45E5-99D9-6E6655B41882}C:\games\panzar\start.exe" = protocol=17 | dir=in | app=c:\games\panzar\start.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap "{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Oprogramowanie Intel® PROSet/Wireless WiFi "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360 "{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English "{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English "{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7811654C-9701-4347-B9DD-7DDB6B47F56A}" = STATISTICA PL 10 (64-bit) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 331.65 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 331.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 331.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.0725 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9 "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit "{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}" = Microsoft .NET Framework 4.5 RC "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS 
Control Panel "AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English "Autodesk ReCap" = Autodesk ReCap "CCleaner" = CCleaner "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "GIMP-2_is1" = GIMP 2.8.6 "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit) "Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion) "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{263CB489-274B-4312-B931-0039A7A4443C}" = Unified Remote "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45 
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP™13 "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP™13 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1" = Panzar "{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014 "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service "{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = 
Autodesk Content Service Language Pack "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014 "{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEBE760-F2D0-11DD-6784-0195548618BE}" = GameShadow V3.1 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = 
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1 "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0 "{BEBC66FC-1EF2-4823-B212-3EAB99161098}_is1" = Knight Elite "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = 
War Thunder Launcher 1.0.1.269 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Autodesk Content Service" = Autodesk Content Service "Better Surf Plus" = Better Surf Plus "DAEMON Tools Lite" = DAEMON Tools Lite "Dll-Files Fixer_is1" = Dll-Files Fixer "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024 "Driver Updater" = Carambis Driver Updater "ENTERPRISE" = Microsoft Office Enterprise 2007 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "Google Chrome" = Google Chrome "Hitman Absolution_is1" = Hitman Absolution "ilividtoolbarguid" = Search-Results Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0 "LastFM_is1" = Last.fm Scrobbler 
2.1.36 "Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC_is1" = Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Maxima-5.28.0-2_is1" = Maxima 5.28.0-2 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.7.8 "Mount&Blade Warband" = Mount&Blade Warband "Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3 Knife_is1" = Mp3 Knife 3.4 "NapiProjekt_is1" = NapiProjekt (2.1.0.2287) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "OpenAL" = OpenAL "Pajączek 5 NxG STD_is1" = Pajączek 5 NxG STD - Deinstalacja "PAYDAY 2_is1" = PAYDAY 2 "Picasa 3" = Picasa 3 "ProInst" = Intel PROSet Wireless "PunkBusterSvc" = PunkBuster Services "Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger © Ubisoft version 1 "RealPlayer 16.0" = RealPlayer "RegClean Pro_is1" = RegClean Pro "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1 "SP_8e4eb48d" = Search Assistant MocaFlix 1.66 "SP_a8235b05" = Search Assistant SoftQuick 1.66 "Spotydl_is1" = Spotydl 0.9.32.0 "State of Decay_R.G. 
Mechanics_is1" = State of Decay
"Steam App 218230" = PlanetSide 2
"Steam App 42910" = Magicka
"Steam App 550" = Left 4 Dead 2
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Webexp Enhanced" = Webexp Enhanced
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"XfireCodec" = Xfire Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"lollipop" = Lollipop
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Wurm Online" = Wurm Online

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-12-24 09:19:35 | Computer Name = LENOVO-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Smite.exe, wersja: 0.1.1888.2, sygnatura czasowa: 0x52b35505
Nazwa modułu powodującego błąd: Smite.exe, wersja: 0.1.1888.2, sygnatura czasowa: 0x52b35505
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0020cdd6
Identyfikator procesu powodującego błąd: 0x1008
Godzina uruchomienia aplikacji powodującej błąd: 0x01cf00aa77ea9674
Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
Identyfikator raportu: 07a4196d-6c9e-11e3-8da1-402cf452c667

Error - 2013-12-24 09:35:17 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2013-12-24 09:35:33 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-24 09:35:33 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-25 04:52:42 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2013-12-25 04:52:57 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-25 04:52:57 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-25 05:09:20 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2013-12-25 05:09:25 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-25 05:09:25 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

[ OSession Events ]
Error - 2013-02-25 07:00:14 | Computer Name = LENOVO-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 170376 seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2013-12-20 11:45:32 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-20 11:45:32 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-20 11:45:33 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-22 07:51:54 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Hi-Rez Studios Authenticate and Update Service.

Error - 2013-12-22 11:47:42 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-22 11:47:43 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-22 11:47:43 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-22 11:47:44 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-23 12:46:26 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Hi-Rez Studios Authenticate and Update Service.

Error - 2013-12-25 04:52:26 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Hi-Rez Studios Authenticate and Update Service.

< End of report >[/log]

RSIT

[log]info.txt logfile of random's system information tool 1.09 2013-12-25 11:13:36

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{6BDF9B4F-779F-4FC1-A2F2-ABA93C42BC75}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
Adobe Reader X (10.1.8)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228}
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help
(KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} Aktualizacje NVIDIA 9.3.21-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage Display.Update AutoCAD 2014 - English-->C:\Program Files\Autodesk\AutoCAD 2014\Setup\en-us\Setup\Setup.exe /P {5783F2D7-D001-0000-0102-0060B0CE6BBA} /M ACAD /language en-US Autodesk 360-->MsiExec.exe /X{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B} Autodesk App Manager-->MsiExec.exe /X{C070121A-C8C5-4D52-9A7D-D240631BD433} Autodesk AutoCAD 2014 - English-->C:\Program Files\Autodesk\AutoCAD 2014\Setup\en-us\Setup\Setup.exe /P {5783F2D7-D001-0000-0102-0060B0CE6BBA} /M ACAD /language en-US Autodesk Content Service Language Pack-->MsiExec.exe /X{62F029AB-85F2-0001-866A-9FC0DD99DDBC} Autodesk Content Service-->C:\Program Files (x86)\Autodesk\Content Service\Setup\Setup.exe /P {62F029AB-85F2-0000-866A-9FC0DD99DDBC} /M ContentService /LANG en-US Autodesk Featured Apps-->MsiExec.exe /X{F732FEDA-7713-4428-934B-EF83B8DD65D0} Autodesk Material Library 2014-->MsiExec.exe /I{644F9B19-A462-499C-BF4D-300ABC2A28B1} Autodesk Material Library Base Resolution Image Library 2014-->MsiExec.exe /I{51BF3210-B825-4092-8E0D-66D689916E02} Autodesk ReCap-->C:\Program Files\Autodesk\Autodesk ReCap\Setup\Setup.exe /P {31ABA3F2-0000-1033-0102-111D43815377} /M Autodesk_ReCap /LANG en-US Better Surf Plus-->C:\Program Files (x86)\BetterSurf\BetterSurfPlus\uninstall.exe Broadcom InConcert Maestro-->MsiExec.exe /X{57DD35E9-D9BB-4089-BB05-EF933C586CB3} Broadcom NetLink Controller-->MsiExec.exe /X{C91DCB72-F5BB-410D-A91A-314F5D1B4284} calibre 64bit-->MsiExec.exe /I{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB} Call of Duty® 4 - Modern Warfare™ 
1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409 Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409 Call of Juarez Gunslinger © Ubisoft version 1-->"C:\Program Files (x86)\Call of Juarez Gunslinger\unins000.exe" Carambis Driver Updater-->C:\Program Files (x86)\Carambis\Driver Updater\uninstall.exe CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B} D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200} ARPNOREPAIR="1" DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200} Dll-Files Fixer-->"C:\Program Files (x86)\Dll-Files.com Fixer\unins001.exe" /silent Dll-Files.com Fixer wersja 2.7.72.2024-->"C:\Program Files (x86)\Dll-Files.com Fixer\unins000.exe" Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0415 -removeonly Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB} Euro Truck Simulator 2-->"C:\Program Files (x86)\Euro Truck Simulator 2\unins000.exe" Far Cry 3-->\"C:\Program Files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe\" -runfromtemp -l0x0409 -removeonly FarCry 3 version 5.1-->"C:\Program Files (x86)\FarCry 3\unins000.exe" FIFA 13-->"C:\Program Files (x86)\Common Files\EAInstaller\FIFA 13\Cleanup.exe" uninstall_game -autologging -keepMaintenanceLog Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} GameShadow V3.1-->C:\Program Files (x86)\GameShadow\Uninst_GameShadow.exe /U 
"C:\Program Files (x86)\GameShadow\Uninst_GameShadow.log" GIMP 2.8.6-->"C:\Program Files\GIMP 2\uninst\unins000.exe" Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Earth Plug-in-->MsiExec.exe /X{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Theft Auto: Episodes from Liberty City-->MsiExec.exe /I{5454083B-1308-4485-BF17-111000028701} Hitman Absolution-->"C:\Program Files (x86)\SQUARE ENIX\Hitman Absolution\unins000.exe" I Am Alive-->"C:\Program Files (x86)\InstallShield Installation Information\{62952508-8C6F-4D31-9802-099FC67B41C3}\setup.exe" -runfromtemp -l0x0409 -removeonly I Am Alive-->MsiExec.exe /X{62952508-8C6F-4D31-9802-099FC67B41C3} Intel PROSet Wireless-->Intel PROSet Wireless Intel PROSet Wireless-->Intel PROSet Wireless Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8} IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe Java™ 6 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216045FF} JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Codec Pack 9.3.0 (64-bit)-->"C:\Program Files\K-Lite Codec Pack x64\unins000.exe" K-Lite Mega Codec Pack 9.3.0-->"C:\Program Files (x86)\K-Lite Codec 
Pack\unins000.exe" Knight Elite-->"C:\Program Files (x86)\ePlaybus.com\Knight Elite\unins000.exe" Last.fm Scrobbler 2.1.36-->"C:\Program Files (x86)\Last.fm\UninsHs.exe" /u0=LastFM League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550 Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{C6C9D5F7-630C-4125-8C4E-94AF77C1896E} Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall Lenovo R.I.C. (Robust Intelligent Companion)-->C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\Uninstall.exe Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC-->"C:\Program Files (x86)\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Uninstall\unins000.exe" Magicka-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42910 Malwarebytes Anti-Malware wersja 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Maxima 5.28.0-2-->"C:\Program Files (x86)\Maxima-5.28.0-2\uninst\unins000.exe" MegaTrainer eXperience V1.1.7.8-->"C:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{A49402DD-2781-3782-B0CF-52BDA349E3F3} Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe 
/X{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7} Microsoft .NET Framework 4.5 RC-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\\Setup.exe /repair /x86 /x64 Microsoft .NET Framework 4.5 RC-->MsiExec.exe /X{E6F5B546-C708-3CB3-953D-20AA7C6DD48C} Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F} Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0415-1000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package 
{90120000-0044-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe 
/X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {9CC96D78-9E1D-46E0-AF4D-3EB440CD4619} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared 64-bit MUI (Polish) 2007-->MsiExec.exe /X{90120000-002A-0415-1000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3} Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False-->MsiExec.exe /X{052bac4a-6f79-46d4-a024-1ce1b4f73cd4} Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc} Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.21022 False-->MsiExec.exe /X{DCB46B42-723F-350E-B18A-449BC6C21636} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False-->MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False-->MsiExec.exe /X{5B1F2843-B379-3FF2-B0D3-64DD143ED53A} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E} Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E} Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003} Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Moduł Szybka instalacja pakietu Microsoft Office 2010-->MsiExec.exe /I{90140000-006D-0415-1000-0000000FF1CE} MotoGP™13-->"C:\Program Files (x86)\InstallShield Installation Information\{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}\setup.exe" 
-runfromtemp -l0x0409 -removeonly Mount&Blade Warband-->C:\Program Files (x86)\Mount&Blade Warband\uninstall.exe Mozilla Firefox 21.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" Mp3 Knife 3.4-->"C:\Program Files (x86)\Mp3 Knife\unins000.exe" MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} NapiProjekt (2.1.0.2287)-->"C:\Program Files (x86)\NapiProjekt\unins000.exe" NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly NVIDIA GeForce Experience 1.7.1-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage Display.GFExperience NVIDIA Oprogramowanie systemu PhysX 9.13.0725-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /I{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C} NVIDIA Sterownik graficzny 331.65-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.Driver NVIDIA Sterownik kontrolera 3D Vision 331.65-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.NVIRUSB NVIDIA Virtual Audio 1.2.9-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage VirtualAudio.Driver Onekey Theater-->"C:\Program Files (x86)\InstallShield Installation 
Information\{D4B060B9-AD4A-4152-9D99-28B93C615AFE}\setup.exe" -runfromtemp -l0x0415 -removeonly Onekey Theater-->MsiExec.exe /I{D4B060B9-AD4A-4152-9D99-28B93C615AFE} OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U Oprogramowanie Intel® PROSet/Wireless WiFi-->MsiExec.exe /I{3C41721F-AF0F-4086-AA1C-4C7F29076228} Pajączek 5 NxG STD - Deinstalacja-->"C:\Program Files (x86)\Cream Software\Pajaczek 5 NxG Standard\unins000.exe" Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)-->C:\PROGRA~1\DIFX\8C657473004ED4CD\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\vpc.inf_amd64_neutral_28dd80cc6c82ef03\vpc.inf Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe Panzar-->"C:\Games\Panzar\unins000.exe" Path of Exile-->MsiExec.exe /X{90A4562F-D4A1-4B65-906D-41F236CF6902} PAYDAY 2-->"C:\Program Files (x86)\PAYDAY 2\unins000.exe" PC Tools Registry Mechanic 11.1-->"C:\Program Files (x86)\PC Tools Registry Mechanic\unins000.exe" /LOG Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe" PlanetSide 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/218230 Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1} Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ClientLP Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ExtendedLP Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall PunkBuster 
Services-->.\pbsvc_zombie.exe -u Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe" RealDownloader-->MsiExec.exe /X{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34} RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealNetworks - Microsoft Visual C++ 2010 Runtime-->MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734} RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|16.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} RegClean Pro-->"C:\Program Files (x86)\RegClean Pro\unins000.exe" /silent Rome - Total War - Alexander-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x9 -removeonly Samsung Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A} SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe Search Assistant MocaFlix 1.66-->"C:\Program Files (x86)\MocaFlix\uninstall.exe" /FULLPATH="C:\Program Files (x86)\MocaFlix" Search Assistant SoftQuick 1.66-->"C:\Program Files (x86)\SoftQuick\uninstall.exe" /FULLPATH="C:\Program Files (x86)\SoftQuick" Search-Results Toolbar-->C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9} Security Update for 
Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75} Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F} Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F} Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5} Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall 
{020B65AD-B2ED-4B35-92CA-DB56EFB864A5} Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5} Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962} Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12} SketchUp Import for AutoCAD 2014-->MsiExec.exe /X{644E9589-F73A-49A4-AC61-A953B9DE5669} Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} Smite-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=17 Software Version Updater-->C:\Users\LENOVO\AppData\Local\SwvUpdater\Updater.exe /uninstall Spotydl 0.9.32.0-->"C:\Program Files (x86)\Spotydl\unins000.exe" SRS Control Panel-->MsiExec.exe /X{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4} State of Decay-->"C:\Users\LENOVO\AppData\Roaming\State of Decay\Uninstall\unins000.exe" STATISTICA PL 10 (64-bit)-->MsiExec.exe /X{7811654C-9701-4347-B9DD-7DDB6B47F56A} 
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The War Z version 1.0-->"C:\Users\LENOVO\Documents\The War Z\unins000.exe" TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Unified Remote-->MsiExec.exe /I{263CB489-274B-4312-B931-0039A7A4443C} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3} Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C} Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {525A4A44-8940-40AD-ABA0-14501199D2F0} Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C} Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C} Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2} Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall 
{840D15BD-72E8-4710-ABDD-8E883B88BD5D} Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5F9C863-59A7-40CA-8D86-E27D6B1D2617} VLC media player 2.0.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe War Thunder Launcher 1.0.1.269-->"C:\Program Files (x86)\WarThunder\unins000.exe" Webexp Enhanced-->C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\uninstall.exe Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98} Windows Live Remote Client-->MsiExec.exe 
/I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80} WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe Xfire 2.0-->"C:\Program Files (x86)\Xfire2\unins000.exe" Xfire Codec (remove only)-->"C:\Program Files (x86)\Common Files\Xfire\uninst.exe" ======System event log====== Computer Name: LENOVO-Komputer Event Code: 37 Message: Szybkość procesora 1 w grupie 0 jest ograniczana przez systemowe oprogramowanie układowe. Procesor miał ograniczony stan wydajności przez 71 s od ostatniego raportu. Record Number: 114214 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20130328215531.148753-000 Event Type: Ostrzeżenia User: ZARZĄDZANIE NT\SYSTEM Computer Name: LENOVO-Komputer Event Code: 37 Message: Szybkość procesora 0 w grupie 0 jest ograniczana przez systemowe oprogramowanie układowe. Procesor miał ograniczony stan wydajności przez 71 s od ostatniego raportu. Record Number: 114213 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20130328215531.048747-000 Event Type: Ostrzeżenia User: ZARZĄDZANIE NT\SYSTEM Computer Name: LENOVO-Komputer Event Code: 7036 Message: Usługa Instalator modułów systemu Windows weszła w stan zatrzymania. 
Record Number: 114212 Source Name: Service Control Manager Time Written: 20130328215434.398507-000 Event Type: Informacje User: Computer Name: LENOVO-Komputer Event Code: 7040 Message: Typ uruchamiania usługi Instalator modułów systemu Windows został zmieniony z autostart na uruchamianie na żądanie. Record Number: 114211 Source Name: Service Control Manager Time Written: 20130328215434.303502-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LENOVO-Komputer Event Code: 7040 Message: Typ uruchamiania usługi Instalator modułów systemu Windows został zmieniony z uruchamianie na żądanie na autostart. Record Number: 114210 Source Name: Service Control Manager Time Written: 20130328215433.745470-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM =====Application event log===== Computer Name: LENOVO-Komputer Event Code: 3 Message: Record Number: 124362 Source Name: NvStreamSvc Time Written: 20131120164012.000000-000 Event Type: Informacje User: Computer Name: LENOVO-Komputer Event Code: 3 Message: Record Number: 124361 Source Name: NvStreamSvc Time Written: 20131120164012.000000-000 Event Type: Informacje User: Computer Name: LENOVO-Komputer Event Code: 3 Message: Record Number: 124360 Source Name: NvStreamSvc Time Written: 20131120164012.000000-000 Event Type: Informacje User: Computer Name: LENOVO-Komputer Event Code: 3 Message: Record Number: 124359 Source Name: NvStreamSvc Time Written: 20131120164011.000000-000 Event Type: Informacje User: Computer Name: LENOVO-Komputer Event Code: 3 Message: Record Number: 124358 Source Name: NvStreamSvc Time Written: 20131120164011.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: LENOVO-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: LENOVO-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x2ac Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 4122 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121007082438.319626-000 Event Type: Sukcesy inspekcji User: Computer Name: LENOVO-Komputer Event Code: 5056 Message: Wykonano autotest funkcji kryptograficznej. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: LENOVO-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Moduł: ncrypt.dll Kod powrotny: 0x0 Record Number: 4121 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121007082437.555624-000 Event Type: Sukcesy inspekcji User: Computer Name: LENOVO-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 4120 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121007082436.853623-000 Event Type: Sukcesy inspekcji User: Computer Name: LENOVO-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: LENOVO-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x2ac Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 4119 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121007082436.853623-000 Event Type: Sukcesy inspekcji User: Computer Name: LENOVO-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 4118 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121007082436.838023-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "configsetroot"=%SystemRoot%\ConfigSetRoot "FP_NO_HOST_CHECK"=NO "LenovoTestLogFile"=preload.log "LenovoTestPath"=C:\prdv10\ "NUMBER_OF_PROCESSORS"=4 "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files (x86)\Windows Live\Shared;C\SDK\platform-tools;C:\Program Files\Calibre2\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=2a07 "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ 
"TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "windows_tracing_flags"=3 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "CM2014DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ "ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ -----------------EOF----------------- [/log] [log]Logfile of random's system information tool 1.09 (written by random/random) Run by LENOVO at 2013-12-25 10:57:09 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 88 GB (13%) free of 701 GB Total RAM: 4040 MB (44% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:13:35, on 2013-12-25 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\LENOVO.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://start.qone8.c..._S0RUNYAB604258 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: BetterSrf - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll (file missing) O2 - BHO: WebexpEnhancedV1alpha872 - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-21-3429779742-4234798171-2531594576-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3429779742-4234798171-2531594576-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user') O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe O23 - Service: UsA‚uga DealPly Live (dealplylive) (dealplylive) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe O23 - Service: UsA‚uga DealPly Live (dealplylivem) (dealplylivem) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - 
Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12426 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\windows\system32\services.exe winlogon.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch "C:\windows\system32\nvvsvc.exe" C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService 
C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe 29171904 \??\C:\windows\system32\conhost.exe "-1579820897-974790045-1759636916399327966-274527425-868844760632487760996075342 C:\windows\System32\spoolsv.exe "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\windows\system32\nvvsvc.exe -session -first C:\windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" "C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe" "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" "C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe" "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" "C:\windows\system32\Dwm.exe" "taskhost.exe" C:\windows\Explorer.EXE "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray "C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" "C:\windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl "C:\Windows\WindowsMobile\wmdc.exe" taskeng.exe {E885D7A9-D874-43DA-BC65-84C78FE7F203} "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe" "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe" "C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe" C:\windows\SysWOW64\PnkBstrA.exe "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" "C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe" "C:\Program Files 
(x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" C:\windows\system32\wbem\unsecapp.exe -Embedding C:\windows\system32\wbem\unsecapp.exe -Embedding C:\windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp \??\C:\windows\system32\conhost.exe "1629624446-80977395-2028512911209284486-134452121213019270822006986448948823169 "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\windows\system32\SearchIndexer.exe /Embedding C:\windows\system32\svchost.exe -k WindowsMobile C:\windows\system32\svchost.exe -k bthsvcs "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook "C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding "C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-460b070d-ef3f-4ecc-8301-cf971d27279e -SystemEventPortName:HostProcess-eeeee851-dc62-47c6-ba3a-d79f59fad46e -IoCancelEventPortName:HostProcess-e051693b-3f8d-4805-aab4-706eae57ccaa -NonStateChangingEventPortName:HostProcess-f5547836-4474-4350-98ae-994b7878eebb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:843e72d5-0276-4711-8529-9fe956337816 -DeviceGroupId:WpdFsGroup C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe" /c "C:\Program Files 
(x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" C:\windows\System32\svchost.exe -k secsvcs "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2056 "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\windows\system32\wuauclt.exe" "taskhost.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.c..._S0RUNYAB604258 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1148.0.649981357\1438699597" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2342 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 
suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.1.138404618\912050116" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 
suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.3.176620270\930791890" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 
suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.10.1308224092\1495504280" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 
suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="1148.11.203268733\655035462" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 
suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.12.1884089399\352791822" /prefetch:673131151 "C:\Users\LENOVO\Downloads\RSITx64.exe" C:\windows\system32\wbem\wmiprvse.exe taskeng.exe {342B5C48-FFD4-4B7D-8DF4-AEA1654C1FC2} ======Scheduled tasks folder====== C:\windows\tasks\AmiUpdXp.job C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job C:\windows\tasks\GoogleUpdateTaskMachineCore.job C:\windows\tasks\GoogleUpdateTaskMachineUA.job C:\windows\tasks\RMAutoUpdate.job C:\windows\tasks\RMSchedule.job =========Mozilla firefox========= ProfilePath - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser 
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2] "Description"=Java™ Deployment Toolkit "Path"=C:\windows\SysWOW64\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] "Description"=This plugin detects and launches Pando Media Booster "Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282] "Description"=RealPlayer™ LiveConnect-Enabled Plug-In "Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0] "Description"=RealNetworks™ RealDownloader Chrome Background Extension Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0] "Description"=RealNetworks™ RealDownloader HTML5VideoShim Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0] "Description"=RealNetworks™ RealDownloader Peppe rFlash Video Shim Plug-In "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282] "Description"=RealPlayer Download Plugin "Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1] "Description"=RealDownloader Plugin "Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3] "Description"=DealPlyLive Update "Path"=C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9] "Description"=DealPlyLive Update "Path"=C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\searchplugins\ qone8.xml C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\extensions\ firefox@lemurleap.info {e53a26f5-7199-4a5b-86f5-d2e86854b979} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1824FF90-C98E-48A6-838F-E3B6572B0C77}] Better Surf Plus - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4b8af81-d6cc-4c27-bbd7-2b22617cdb75}] Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll [2013-12-19 87552] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\windows\system32\igfxtray.exe [2011-03-30 167960] "HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-03-30 391704] "Persistence"=C:\windows\system32\igfxpers.exe [2011-03-30 418840] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344] "IntelPAN"=C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120] "OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2011-08-14 789920] "Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360] "Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-11-08 1028384] "ShadowPlay"=C:\windows\system32\nvspcap64.dll [2013-11-08 1064224] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136] "Spotify Web Helper"=C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-12-08 1168896] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728] "Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-01-12 283160] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040] "TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2013-01-03 295072] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Xfire.lnk - C:\Program Files (x86)\Xfire2\Xfire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll,c:\windows\system32\nvinitx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\windows\system32\igfxdev.dll [2011-03-26 385024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 ""= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv 
"mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "VIDC.XFR1"=xfcodec64.dll "VIDC.LAGS"=lagarith.dll "VIDC.FFDS"=ff_vfw.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-12-25 10:57:09 ----D---- C:\rsit 2013-12-25 10:57:09 ----D---- C:\Program Files\trend micro 2013-12-25 10:02:26 ----D---- C:\Program Files (x86)\Microsoft XNA 2013-12-21 17:01:42 ----D---- C:\Program Files (x86)\WebexpEnhancedV1 2013-12-08 17:56:54 ----D---- C:\Users\LENOVO\AppData\Roaming\Carambis 2013-12-08 17:56:48 ----D---- C:\Program Files (x86)\Carambis 2013-12-08 12:37:23 ----D---- C:\ProgramData\FARO 2013-12-08 12:32:41 ----D---- C:\Program Files\Common Files\Macrovision Shared 2013-12-08 12:27:59 ----D---- C:\Program Files\Common Files\Autodesk Shared 2013-12-08 12:27:59 ----D---- C:\Program Files\Autodesk 2013-12-08 12:27:24 ----D---- C:\Program Files (x86)\Autodesk 2013-12-08 12:20:07 ----D---- C:\Users\LENOVO\AppData\Roaming\Autodesk 2013-12-08 12:20:07 ----D---- C:\ProgramData\Autodesk 2013-12-08 11:37:29 ----D---- C:\Users\LENOVO\AppData\Roaming\Xfire 2013-12-08 11:37:06 ----D---- C:\ProgramData\Xfire 2013-12-08 11:37:06 ----D---- C:\Program Files (x86)\Xfire2 2013-12-08 11:31:53 ----D---- C:\Program Files (x86)\Mobogenie 2013-12-06 08:51:21 ----D---- C:\Intel ======List of files/folders modified in the last 1 month====== 2013-12-25 11:09:00 ----D---- C:\windows\Temp 2013-12-25 10:57:09 ----RD---- C:\Program Files 2013-12-25 10:19:55 ----D---- C:\windows\system32\config 2013-12-25 10:15:22 ----D---- C:\windows\System32 2013-12-25 10:15:22 ----D---- C:\windows\inf 2013-12-25 10:15:22 ----A---- C:\windows\system32\PerfStringBackup.INI 2013-12-25 10:11:52 ----A---- 
C:\windows\SYSWOW64\log.txt 2013-12-25 10:10:46 ----D---- C:\Users\LENOVO\AppData\Roaming\uTorrent 2013-12-25 10:09:28 ----D---- C:\windows\system32\Tasks 2013-12-25 10:09:08 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic 2013-12-25 10:02:41 ----SHD---- C:\windows\Installer 2013-12-25 10:02:40 ----RSD---- C:\windows\assembly 2013-12-25 10:02:26 ----D---- C:\Program Files (x86) 2013-12-25 10:02:23 ----SHD---- C:\System Volume Information 2013-12-24 19:56:08 ----AD---- C:\ProgramData\Temp 2013-12-24 19:04:00 ----D---- C:\windows\SysWOW64 2013-12-22 20:07:35 ----D---- C:\Filmy 2013-12-22 20:03:04 ----D---- C:\Users\LENOVO\AppData\Roaming\vlc 2013-12-18 15:47:36 ----D---- C:\windows\Tasks 2013-12-18 11:34:12 ----D---- C:\windows\system32\catroot2 2013-12-17 22:34:22 ----D---- C:\Seriale 2013-12-15 22:22:36 ----D---- C:\Program Files (x86)\Google 2013-12-15 12:03:35 ----D---- C:\Gry 2013-12-11 00:51:59 ----D---- C:\Program Files (x86)\BetterSurf 2013-12-08 19:49:43 ----SD---- C:\Users\LENOVO\AppData\Roaming\Microsoft 2013-12-08 18:44:23 ----D---- C:\Users\LENOVO\AppData\Roaming\Spotify 2013-12-08 18:05:16 ----HD---- C:\ProgramData 2013-12-08 17:42:20 ----D---- C:\Windows 2013-12-08 17:38:49 ----D---- C:\Program Files\Google 2013-12-08 17:38:48 ----RSD---- C:\windows\Fonts 2013-12-08 14:52:15 ----D---- C:\windows\winsxs 2013-12-08 14:42:34 ----D---- C:\Program Files (x86)\Steam 2013-12-08 14:39:04 ----D---- C:\windows\system32\DriverStore 2013-12-08 14:39:04 ----D---- C:\windows\system32\catroot 2013-12-08 14:35:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-12-08 14:32:13 ----D---- C:\Program Files (x86)\HLSW 2013-12-08 14:31:43 ----D---- C:\Program Files (x86)\GRID 2 2013-12-08 14:24:34 ----D---- C:\Program Files (x86)\Valve 2013-12-08 14:20:21 ----D---- C:\Program Files (x86)\Bridge Project 2013-12-08 14:17:50 ----D---- C:\Program Files (x86)\Common Files 2013-12-08 14:17:47 ----D---- C:\windows\system32\drivers 
2013-12-08 14:16:56 ----D---- C:\Program Files (x86)\Age of Empires II HD 2013-12-08 13:40:13 ----D---- C:\Program Files\Common Files 2013-12-08 13:37:29 ----D---- C:\ProgramData\Firefly Studios 2013-12-08 13:37:10 ----D---- C:\Program Files\TeamSpeak 3 Client 2013-12-08 13:34:25 ----D---- C:\Program Files (x86)\O22y Inc 2013-12-08 13:33:32 ----D---- C:\Program Files (x86)\Lenovo 2013-12-08 13:33:11 ----D---- C:\Games 2013-12-08 13:32:32 ----D---- C:\Program Files (x86)\WRC 4 FIA World Rally Championship 2013-12-08 13:32:10 ----D---- C:\ProgramData\eSafe 2013-12-08 12:36:16 ----D---- C:\windows\Microsoft.NET 2013-12-08 12:34:30 ----D---- C:\windows\Downloaded Program Files 2013-12-08 12:24:48 ----D---- C:\windows\Logs 2013-12-08 12:24:42 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI 2013-12-08 12:23:19 ----D---- C:\windows\SYSWOW64\pl-PL 2013-12-08 12:23:19 ----D---- C:\windows\system32\pl-PL 2013-12-08 12:18:47 ----D---- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite 2013-12-08 11:33:54 ----D---- C:\ProgramData\DatacardService 2013-12-08 11:32:37 ----RD---- C:\Users 2013-12-06 08:20:38 ----D---- C:\Users\LENOVO\AppData\Roaming\.minecraft 2013-12-06 08:10:50 ----D---- C:\windows\system32\LogFiles 2013-12-04 19:38:31 ----D---- C:\Users\LENOVO\AppData\Roaming\calibre 2013-12-04 16:07:57 ----D---- C:\Users\LENOVO\AppData\Roaming\Media Player Classic 2013-12-03 11:09:49 ----SD---- C:\ProgramData\Microsoft 2013-12-01 10:51:04 ----D---- C:\Users\LENOVO\AppData\Roaming\Winamp ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 HybridDisk;HybridDisk; C:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496] R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320] R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-08-14 39008] R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2013-10-23 32544] R0 rdyboost;ReadyBoost; 
C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-06 283200] R1 hybridcfile;hybridcfile; C:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920] R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-14 29792] R3 BthEnum;Sterownik Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288] R3 btwaudio;Urz¹dzenie dŸwiêkowe Bluetooth; C:\windows\system32\drivers\btwaudio.sys [2011-05-13 150568] R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2011-05-13 164392] R3 BTWDPAN;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640] R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976] R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-05-13 21544] R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088] R3 DelayMan;ACPI DelayMan Filter Service; C:\windows\system32\DRIVERS\delayman.sys [2011-08-14 20064] R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-03-26 12262336] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560] R3 IntcDAud;Intel® Audio dla ekranów; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000] R3 MEIx64;Intel® Management Engine Interface; 
C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] R3 NETwNs64;___ Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows 7 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\windows\system32\drivers\nvvad64v.sys [2013-09-28 39200] R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-03-21 1413168] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 ALSysIO;ALSysIO; \??\C:\Users\LENOVO\AppData\Local\Temp\ALSysIO64.sys [] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2013-04-03 38080] S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] S3 BTHPORT;Sterownik portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [] S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [] S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [] S3 huawei_cdcecm;huawei_cdcecm; C:\windows\system32\DRIVERS\ew_jucdcecm.sys [] S3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [] S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [] S3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys 
[2013-04-04 25928] S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056] S3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2010-11-21 184960] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2013-04-03 169288] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2013-04-03 21320] S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2013-04-03 188232] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2013-04-03 158024] S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288] R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-05-12 970016] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-12-16 9216] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage 
Technology\IAStorDataMgrSvc.exe [2011-01-12 13336] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-21 325656] R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-08 15125280] R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2013-10-23 922912] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-11-08 1914656] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272] R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2013-07-07 76888] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-04-30 104872] S2 
clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816] S2 dealplylive;UsÅ‚uga DealPly Live (dealplylive); C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-23 148000] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176] S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] S3 aspnet_state;„Usługa stanu ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-04-30 51080] S3 dealplylivem;UsÅ‚uga DealPly Live (dealplylivem); C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-23 148000] S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-08 1471352] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-06 194032] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-11 117144] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office 
Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736] S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720] S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720] S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720] -----------------EOF-----------------[/log]
Thanks in advance for your help ;) Sorry for the duplicate topics, but unfortunately something isn't working for me: when I write a new topic I get an error, and when I edit and click save changes I have to do it about 15 times before it finally accepts them. Hence the duplicated topics...
Natsuki Kuga, comment of 28 December 2013

Quote: "I did what they told me to on the intranet but nothing helped."

What actions did you take?

1. Uninstall via Add/Remove Programs: Better Surf Plus, Search-Results Toolbar, Lollipop
2. Check in your browsers whether you have the add-ons listed below; if they are present, uninstall them: DealPly Shopping, DealPlyLive, LemurLeap, Webexp Enhanced, bettersurfplus
3. Run this script in OTL (instructions: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =http://www2.delta-se...120695&tsp=5007
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" =http://start.qone8.c...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" =http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" =http://websearch.sof...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff [2013-11-23 01:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff [2013-11-25 22:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [2013-12-11 00:52:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha872.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ff [2013-12-21 17:01:42 | 000,000,000 | ---D | M]
[2013-10-23 17:33:18 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
[2013-10-23 17:32:45 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\firefox@lemurleap.info
[2013-12-21 17:01:42 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF
[2013-10-23 17:33:07 | 000,000,665 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
O2 - BHO: (Better Surf Plus) - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll File not found
O2 - BHO: (Webexp Enhanced) - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Power2GoExpress] NA File not found
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll) - File not found

:Files
C:\Program Files (x86)\DealPlyLive
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\Mobogenie
C:\Users\LENOVO\AppData\Local\Mobogenie
C:\Users\LENOVO\Documents\Mobogenie
C:\Users\LENOVO\AppData\Local\cache
C:\ProgramData\mtbjfghn.xbe
C:\Users\LENOVO\AppData\Roaming\Dealply
c:\program files (x86)\search results toolbar

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E08DC02B-19C2-48C1-8E94-E7C6160AA60A}"=-

:Services
dealplylivem
dealplylive

:Commands
[emptytemp]

Show the report.
4. Use AdwCleaner with the Delete (Usuń) option. Show the report.
5. Post a set of new logs from OTL + a log from Gmer.
Shimek (author), comment of 29 December 2013 (edited)

Thank you for your interest :) I didn't post more logs because unfortunately I couldn't manage it, I don't know why.

I reinstalled:
32-bit versions
Microsoft Visual C++ 2005
Microsoft Visual C++ 2008
Microsoft Visual C++ 2010
64-bit versions
Microsoft Visual C++ 2005
Microsoft Visual C++ 2008
Microsoft Visual C++ 2010
and
- .NET Framework 4
and
- XNA Framework Redistributable 4.0

But I know that with one of the Visual packages and the Framework there were some problems during installation.

AdwCleaner
[log]# AdwCleaner v3.016 - Log utworzony 29/12/2013 o 10:43:23 # Aktualizacja 23/12/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : LENOVO - LENOVO-KOMPUTER # Ścieżka : C:\Users\LENOVO\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\Babylon Folder Usunięto : C:\ProgramData\boost_interprocess Folder Usunięto : C:\ProgramData\continuetosave Folder Usunięto : C:\ProgramData\DealPlyLive Folder Usunięto : C:\ProgramData\DSearchLink Folder Usunięto : C:\ProgramData\eSafe Folder Usunięto : C:\ProgramData\Partner Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs Folder Usunięto : C:\Program Files (x86)\Better-Surf Folder Usunięto : C:\Program Files (x86)\continuetosave Folder Usunięto : C:\Program Files (x86)\DealPly Folder Usunięto : C:\Program Files (x86)\MocaFlix Folder Usunięto : C:\Program Files (x86)\myfree codec Folder Usunięto : C:\Program Files (x86)\RegClean Pro Folder Usunięto : C:\Users\LENOVO\AppData\Local\DealPlyLive Folder Usunięto : C:\Users\LENOVO\AppData\Local\lollipop Folder Usunięto : C:\Users\LENOVO\AppData\Local\SwvUpdater Folder Usunięto : C:\Users\LENOVO\AppData\Local\TempDir Folder Usunięto : 
C:\Users\LENOVO\AppData\Roaming\iPumper Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\registry mechanic Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\Systweak Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Folder Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdilakifhjjibbminpkkfjhdkichfikn Plik Usunięto : C:\END Plik Usunięto : C:\Users\Public\Desktop\RegClean Pro.lnk Plik Usunięto : C:\windows\System32\roboot64.exe Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\invalidprefs.js Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\user.js Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal Plik Usunięto : C:\windows\Tasks\AmiUpdXp.job Plik Usunięto : C:\windows\System32\Tasks\AmiUpdXp ***** [ Skróty ] ***** Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk Skrót 
Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Przeglądarka internetowa.lnk ***** [ Rejestr ] ***** Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bdilakifhjjibbminpkkfjhdkichfikn Klucz Usunięto : HKCU\Software\Classes\Applications\lollipop.exe Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\secman.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1 Klucz Usunięto : 
HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0 Klucz Usunięto : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard Klucz Usunięto : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Updater.AmiUpd Klucz Usunięto : 
HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_a8235b05 Klucz Usunięto : HKCU\Software\5e288d0b46dba49 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_league-of-legends_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_league-of-legends_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_n-v2-0-ninja_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_n-v2-0-ninja_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Klucz Usunięto : 
HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} 
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Klucz Usunięto : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E9CE065-B861-B574-E5A2-1535A6FAD97F} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Klucz Usunięto : 
[x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Klucz Usunięto : HKCU\Software\BabSolution Klucz Usunięto : HKCU\Software\DataMngr [#] Klucz Usunięto : HKCU\Software\DataMngr_Toolbar Klucz Usunięto : HKCU\Software\DealPly Klucz Usunięto : HKCU\Software\DealPlyLive Klucz Usunięto : HKCU\Software\Escolade Klucz Usunięto : HKCU\Software\ilivid Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\lollipop Klucz Usunięto : 
HKCU\Software\Myfree Codec Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\systweak Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\Software\DealPly Klucz Usunięto : HKLM\Software\DealPlyLive Klucz Usunięto : HKLM\Software\Myfree Codec Klucz Usunięto : HKLM\Software\qone8Software Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\Software\systweak Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 Klucz Usunięto : [x64] HKLM\SOFTWARE\DataMngr ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v9.0.8112.16470 -\\ Mozilla Firefox v21.0 (pl) [ Plik : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\prefs.js ] Wpis usunięty : user_pref("aol_toolbar.default.homepage.check", false); Wpis usunięty : user_pref("aol_toolbar.default.search.check", false); Wpis usunięty : user_pref("extensions.BabylonToolbar.prtkDS", 0); Wpis usunięty : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Wpis usunięty : user_pref("extensions.delta.admin", false); Wpis usunięty : user_pref("extensions.delta.aflt", "babsst"); Wpis usunięty : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Wpis usunięty : user_pref("extensions.delta.autoRvrt", "false"); Wpis usunięty : user_pref("extensions.delta.dfltLng", "en"); Wpis usunięty : user_pref("extensions.delta.excTlbr", false); Wpis usunięty : user_pref("extensions.delta.ffxUnstlRst", true); Wpis usunięty : user_pref("extensions.delta.id", "54f90af8000000000000402cf452c667"); Wpis usunięty : user_pref("extensions.delta.instlDay", "15964"); Wpis usunięty : user_pref("extensions.delta.instlRef", "sst"); Wpis 
usunięty : user_pref("extensions.delta.newTab", false); Wpis usunięty : user_pref("extensions.delta.prdct", "delta"); Wpis usunięty : user_pref("extensions.delta.prtnrId", "delta"); Wpis usunięty : user_pref("extensions.delta.rvrt", "false"); Wpis usunięty : user_pref("extensions.delta.smplGrp", "none"); Wpis usunięty : user_pref("extensions.delta.tlbrId", "base"); Wpis usunięty : user_pref("extensions.delta.tlbrSrchUrl", ""); Wpis usunięty : user_pref("extensions.delta.vrsn", "1.8.24.6"); Wpis usunięty : user_pref("extensions.delta.vrsnTs", "1.8.24.623:04:24"); Wpis usunięty : user_pref("extensions.delta.vrsni", "1.8.24.6"); Wpis usunięty : user_pref("extensions.delta_i.babExt", ""); Wpis usunięty : user_pref("extensions.delta_i.babTrack", "affID=120695&tsp=5007"); Wpis usunięty : user_pref("extensions.delta_i.srcExt", "ss"); Wpis usunięty : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Wpis usunięty : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Wpis usunięty : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Wpis usunięty : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Wpis usunięty : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v31.0.1650.63 [ Plik : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Plik : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [23602 octets] - [29/12/2013 10:38:32] AdwCleaner[S0].txt - [21083 octets] - [29/12/2013 10:43:23] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21144 octets] ########## [/log] OTL [log]OTL Extras logfile created on: 2013-12-29 12:20:08 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LENOVO\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date 
Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,69% Memory free 7,89 Gb Paging File | 5,49 Gb Available in Paging File | 69,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,20 Gb Total Space | 82,23 Gb Free Space | 12,02% Space Free | Partition Type: NTFS Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,84 Gb Total Space | 1,20 Gb Free Space | 65,16% Space Free | Partition Type: FAT Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00284394-2116-4149-BB35-2CF5B9BA8CF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{015E5DC5-50C2-477B-B905-593FED13FEB1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{01609325-7311-4A00-BD86-B534D5FC2305}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{05AB83EB-106E-4EFF-868A-5AAED1E9D2A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{074DBF41-6A20-4F0D-AEE2-AF5AA2D48773}" = lport=4000 | protocol=6 | dir=out 
| app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{08AB2D4A-E1E4-4C4D-B70C-F767DC3E160E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0C02F7C2-8898-426C-B1A0-C5270FA52C93}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0D0E1ABC-C63E-4300-89FE-A396F55BFD07}" = lport=137 | protocol=17 | dir=in | app=system | "{0EA7551E-791E-4799-AAED-40FA925A0A5A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{0FA1652D-EA08-487A-83C3-71A9789B6D51}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{1132620B-DC85-483C-BB0C-757D652640B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{13D95EE3-7292-42EE-90EB-117EAE0A059B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{144321A8-AFDE-4759-A1A1-9E7576414BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{16421530-85BD-4F7B-8966-C0904A62F71D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{183988D9-8B39-4428-B7FC-BEF0B7B92920}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{1DAA1024-5FD2-4DF3-B033-8B107DDE30F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{20CD04E5-8C83-4F30-A393-4C7CBF16F9F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{22839C91-349E-48FA-93B1-F2FCD79A4C2F}" = lport=445 | protocol=6 | dir=in | app=system | "{247D7930-E24E-4B12-82E9-53646FAAA258}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{27CEA744-5515-4E5D-A040-1E10385E0E94}" = lport=4000 | protocol=6 | dir=out | 
app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{280883F2-7D9B-4CDC-9538-CBAAC44527CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2D5B442F-F175-4DB0-A87D-4595BAA16E31}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2E3B9F3F-FE32-4F5B-A504-0F54CBE74549}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{31F61F4D-5A00-4D03-9A50-53FE793BCB91}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | "{3540B676-94B2-436F-A328-6D6BFA31BED4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{3B5A7193-9809-4607-92A1-1CEFA8974780}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{4287E584-6B9C-4A2C-99EE-2EE8F5C29188}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{45FCE0AF-EE5C-4D16-9760-7A0A60043E44}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{4653F749-669C-4DC6-8736-936CFDF16C34}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{48136FDB-FB28-4DD4-96C0-F6282D01300F}" = rport=137 | protocol=17 | dir=out | app=system | "{4D003921-65D9-45F7-B951-E521ED614E6C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{4E43BFE1-B5A3-47F7-BA9E-075B87DFBDEF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{4F539E57-23A5-4AF4-951A-F62F6BC9E587}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{506C2E0E-16C3-41EF-BB76-BF078046CEDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5172EA81-FD00-42A6-8D30-A714BE3133A8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{554F8E52-C483-4FA6-8A04-77CB2A2FFD57}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{576234EA-1F18-4784-B09B-422628E3F037}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{5CF89D47-BF0B-458F-8912-E84963FB2DAC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{604B00FA-4961-4BA1-A89E-75DC936F6ABC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{61BD374A-8DA2-4988-8AB3-C85451F3C542}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{639E2D5E-F77B-43B3-87A1-1B31998B6B94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65F96DE0-574E-4B96-ACC3-97E2A2E630E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{66A21133-F135-4367-8250-06559E4A041E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{6C1298ED-6617-42F9-BC6B-EA2C7975DD22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{71B48B80-1EBB-4E11-A0C8-979CBD106113}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{73EF1FDF-56BC-498C-9746-B294F821A43C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{76044B5F-73EA-4F94-8EF1-B75335ED96EB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{79AFAD96-388F-49AE-A99B-1E4F2835E57F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7CC6E6AB-7133-4D91-9C89-146E51FBB371}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7CCA8B86-4CD8-4767-8D6B-1A35423D46F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7E28139E-0ADE-4191-9E2E-17A325010FC2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{858303E6-E258-41E7-B9BD-EED388AF58F9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8608DD88-D79C-4A4B-BC42-ECCBC8F948B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{867C26E7-884A-4B45-A8B5-CCDFE3B16763}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{86A5B6D2-3757-4827-803E-8888E2E1C08B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{876434D2-B4D6-4EAE-8323-5F74DB7EEE71}" = lport=10243 | protocol=6 | dir=in | app=system | "{87E5BC75-74DA-48AF-92B7-38DF84AA4094}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{89C631A9-2324-429D-A85D-10B938EDAB74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8A3C14D9-595D-4312-A3E8-1C173963F74A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8B004AA5-2712-4F63-83DF-17DFE06C176E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{8E8987E3-5476-4BD6-B3DA-ED5718B5850D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{912D528E-CDC0-4417-9BA6-B4E5B65B294A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9274D888-2035-48B4-A5F6-2EFA737B6904}" = lport=4000 | protocol=6 | 
dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{93F86853-FC62-4E6D-B0DB-3CFFFD38A9AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{943FFEE9-C40F-4CB4-A902-9DC255CB8534}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9503F94A-6FE1-44D3-8905-C314556B57CC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{965882FD-D2CF-49B6-AB4F-8F853A2936E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{96FA16BB-A150-4497-BE63-232CB12AA369}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{9715BCA0-CDCA-4B10-B4BD-C32FD4039B90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9797DF38-4960-43BC-BFF1-F6071CB23E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9869D7A2-0327-4217-B36C-1A3052E91209}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AA974880-E81C-4766-B83C-9DE7A10694F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AABE4538-9A09-498F-8B5E-6837C9DF2E9E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{AB4CB067-8A3D-4846-82F0-167E5BF32340}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B15A3BE8-BB85-47D5-9810-BABB825E8EE7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B21C54DC-3F0A-44AB-ADB7-7E3D3F27153D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B2B1589C-BF5C-4275-9341-29369DB7C0EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com 
fixer\dllfixer.exe | "{B3EA4841-6A2E-45CB-AC9A-4C5149C53136}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B50AF6D4-43E5-4F86-AEF0-A91A136F336C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B761C800-2629-4B66-85AA-FB20ECEBCE03}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B76BE707-0A26-42B0-978B-4FEB39B4DAD9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{BA654490-A946-48F2-8333-AF8CD96A8649}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C0213AEB-E58A-4FB3-8B01-A405DB4036F8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C8C2AAA5-8353-4AC3-8951-9E47E218C4A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C9E94E0E-0068-4AEF-B378-A1225C1E06F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CA448C3C-647D-4D82-A3DD-57CB22853178}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{CB14571B-B445-4F5A-924F-3435FAFF02D3}" = rport=138 | protocol=17 | dir=out | app=system | "{CB3C92CF-C905-4E04-939C-FEF136CA30D3}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB96D694-20AB-4EE4-A5D5-0D7DFA76200B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CBB1E01D-D692-434F-AEA3-B1065D82D23D}" = lport=2869 | protocol=6 | dir=in | app=system | "{CC11EEBD-F0E9-43C3-B787-7DCFCA0EF60C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CE649C20-A7C4-418D-9080-74990C500A0C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CF87B366-A025-4873-A369-86C561B5FDEC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CFB13FC5-287F-4D9D-A7CF-9D2DB6456F95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{D347674C-5A5B-495F-BA4A-04CB3462232C}" = lport=138 | protocol=17 | dir=in | app=system | "{D3828CAF-C145-43E7-868D-0A75E2969C27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D57BF949-AE76-40B5-9484-369E0A7FAE9F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{DDAB8F5C-B2E2-4F73-902B-C173D5A25187}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{DDB1E0FC-12A4-42AB-8A54-9A2CEE7EB00A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E0B163F4-EA2B-488B-8784-BF5364A39CC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E12AFDC4-D861-4383-9B9B-B1DEF5A21E63}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E60FE32E-2F06-4604-8CD6-63E50DEBC7D1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{E669D472-2764-4616-843F-F2B9389154BF}" = rport=139 | protocol=6 | dir=out | app=system | "{E739A004-0345-4610-A08F-DC5F4A72D50B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E76D0ED4-2F99-46FF-93BD-92B56E1EE9F4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EAA95423-383A-41C3-B7B1-AAAFDB0E2D20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{EB7F0179-80D7-4E83-A7EE-882D1380DAEC}" = lport=139 | protocol=6 | dir=in | app=system | "{EBA68078-EBD1-4405-BE3C-5DCF67A74080}" 
= lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EBDAF1F6-AD79-4723-9BE5-00BE64A13FFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EC0B0327-457B-4755-BB7E-6FFEB9FB149A}" = rport=445 | protocol=6 | dir=out | app=system | "{ECB547D9-ABF8-4351-B5CA-E56081CC8F20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{ECB87683-4BD0-45F0-80D6-54D09041E7AB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{F6CDAF9F-7D6F-4F26-9023-8A5BCF85A2E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{F72F6D7D-7702-486B-AC84-EA5A222B1628}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{F790E314-FF3E-479B-B9ED-E0507EE9564A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{F87B333A-CEC1-4E67-88E6-717BF831AD1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FA206C15-30DB-4529-B26E-D71AA749D3A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB37109D-772D-44D0-ABE4-83F675DEF834}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FB5A1A88-8DBC-40C0-B916-B0446F28236C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{FBEAF515-083C-44F0-8C15-58625D8B22EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0236D2F0-6D40-4128-A3D7-47E034C15A70}" = protocol=6 | dir=in | 
app=c:\windows\syswow64\muzapp.exe | "{07749E15-EBC1-431D-969E-22CF277557AD}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | "{09087FA3-5B42-49E2-8B67-2BFC15EA7365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{0D4807B4-DB09-47A7-AD6B-CC7389CF67A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0DC91BAD-B173-4529-919D-ADFD360D1CBB}" = dir=in | app=en_conquer2.0_5672_p2p.exe | "{0E6A9C3B-76C8-4026-AE57-B51C9EBAED2A}" = protocol=6 | dir=out | app=system | "{11FA61C2-D568-4BE8-A7C7-D095A497BCBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{150F8C5C-8B6C-4F08-AF7B-3A9FC93A690E}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{1EAAA9FA-02AA-4C94-B8B0-EB1B7D4A75FF}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{1FCC02C6-F754-4B24-BB49-42D97A0E9206}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{2AE31A33-F389-46EC-BEED-5185B5A91A3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2B61A2C8-94EF-4662-8185-F7C0CF49B80C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{2EBE009E-72DA-448C-A66E-2EC2B93A1048}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2F6634D1-6564-4E45-8315-A0B199D82399}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2FCE2662-3ED3-476C-8AC5-6D397E5EB7CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{314529B9-794B-4E0F-8274-3854EF161A15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{3223B7E9-E198-4FC4-854C-1D1A17CFCC45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{33CA2EAC-AFF5-4986-9337-6FD52A135A53}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{341D414B-6419-4715-85BF-96E69070C9BE}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{3604235A-FD4D-42AB-9899-0BE9FE7D31C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3F2CA85C-B710-417B-A8E2-FD145E80EC69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3FF5B906-2C86-4570-A7D4-56E792D3949F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4270301A-647D-4E4D-BB31-3C0DC4969E4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4692770B-E033-4D5E-8462-A8FC45C05DDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{46C72F9F-517B-4941-8618-9DD8AF17285C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{46FBA5CB-FE67-4858-9871-11C8C66F2488}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | "{47BDB793-C6B1-462C-BF3B-554FC51F7B1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{47DA8A68-CF15-4170-91BC-6C6AAB9BCEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{50F3C4D2-DD29-4F09-82D3-1D9A0D9B5E38}" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | "{51001564-9174-4F47-B9D7-9EF825CCA686}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{543EC40F-2251-40F0-AC42-0B954E581C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5777879E-3C04-4DD4-AD12-4EE5CF00797F}" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | "{5B7643FE-C568-4D71-B9C9-DD884CCD090C}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{5F20E8F7-3C82-4435-822C-36642980F570}" = protocol=6 | dir=in | app=c:\program files 
(x86)\microsoft office\office12\groove.exe | "{60177FEF-4981-4DB6-823E-452DFE688882}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | "{61C9B95C-BD6A-43E9-910B-DF4A3D8EA3E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{65B7588A-B2C7-4EE6-83AC-25A73A47A217}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | "{68EC2B4F-5786-404A-8A7D-074C62F77541}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | "{6F8A3786-B3EA-4ECA-93B1-484D20DA4E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6FA5A6E4-2F6C-4B17-8C05-5DA66BC9CF7A}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | "{709906C2-BE20-4A53-BD72-32AFF4E3B75C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{72894430-DD36-4AC5-BF73-927F26AE98E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{72F22D0F-47E1-4F34-AC5C-BA86CD24DAEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{79DA61A5-D08D-468C-8115-60073C7CA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BA53642-DB52-4C37-8AE1-D14DBD45777D}" = dir=in | app=c:\users\lenovo\documents\the war z\infestation.exe | "{7CF3CCAF-9B42-4911-9ABF-C04965CC14C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{816699FB-6D9C-4EC0-9FB7-584989A28E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{832FEB0B-703D-4FF3-B2FE-F8E0B1DEC0DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{86949F07-CA66-4B5C-827B-D2B0EB3E9E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{90DC654D-E98C-4C59-A870-49D5139D700A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93D8D874-ACA4-48CC-BF68-143F92E5608A}" = dir=in | 
app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{944C1815-88E5-4143-ADD9-84145A92E49C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{99CC8BC0-5C1D-4ED0-91C4-37698F2F11E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B75429B-676D-437D-8B5C-D0000C2DA97D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | "{9E20D3AC-47F4-4ECB-BB52-1DECAEFBDD78}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{9E76E761-B500-4C50-8A66-F25B9BDD8E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{A3EA0028-9016-46B4-A8AE-C355CF0407A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A3FF718A-2168-4C2E-969C-46971B888618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A853715F-E5B9-4C88-9307-E732C39EA4E9}" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | "{AE5209E6-2A24-40E3-9A76-5F1F905B502B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B02508A6-1CEB-41B0-9B8D-7E96C2A78F13}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B3E6D370-54F6-40D6-98BA-3D89D71AD74A}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | "{B9D691E2-A07E-44EE-AB47-405BD25867A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAA0AC06-A2AC-42CB-AAFF-49661DF08D14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BB485344-D3A6-4029-B0A3-CA8930EEDDAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C0F3113E-AE20-4C84-AC9B-A7286F6A22C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C624451E-5DCB-40C4-815B-AEDF7E314F85}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | 
"{CC2751C3-5CF6-4F87-9358-694267571473}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | "{D20EE982-9D73-4101-823E-AEF2BC1C1456}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D2115566-301E-405D-ADDB-EED6FB6B7DA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D871BE7D-5CA8-4CE3-8A37-50C7609660B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{DE49FCFC-4DC4-4EF9-923A-3A20CA15458F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{E1D7AA0C-4C60-45E1-8FB0-3B8F97D672BF}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{E40692C0-2544-43E0-B5C1-B505C1507E77}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | "{EA1F64C2-8D25-439D-9706-F1C6FF0D664A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{ED655BCC-BF1C-4995-891B-A7CA0E2764A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{EE0CF172-8D20-47F9-A1B6-8E2870FDBE40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F31E212D-3FE4-47EF-8FC0-7EE6BA26E3FC}" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | "{F78BCE7A-2BA6-4F63-A16F-F545B44DF7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{FA749B5E-722F-4FF6-8E09-B2281368313B}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | "{FE51F0E4-4DBE-464B-98FA-2230363C1E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{10C9A020-2F34-4484-B30A-14FE28F801D2}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "TCP Query 
User{1F52B65F-D708-4C5C-881B-256C70001007}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | "TCP Query User{3FAE5A84-012A-4C39-9084-64356C4AD1E5}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | "TCP Query User{4B51905D-FD8C-40A5-8653-DF9E9C23F675}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | "TCP Query User{53740572-F87D-4CEB-B5C5-B5A229E82EC3}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "TCP Query User{56C97260-924D-49A4-8C61-D881679E621E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{58F3D8DE-BD77-4A24-B2F7-AED72C670861}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "TCP Query User{6055B389-B673-4EC9-8747-4CAB6C9AF35D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{70E77753-182D-4AB3-8E37-6C971101C4F7}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=6 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | "TCP Query User{7A6F41C2-53C0-43F2-A510-FD7AEC7CB812}C:\games\panzar\start.exe" = protocol=6 | dir=in | app=c:\games\panzar\start.exe | "TCP Query User{92ACB85B-21A1-43AF-BFCA-94EFB257EE1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A4E5788C-0DF2-4CC2-A5D1-4251921C32CE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query 
User{B84A213E-FFBD-46CA-9427-76E36AE9F853}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{BAE7D4A4-D742-451A-8084-842B3B1B3030}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "TCP Query User{CF2325C4-D324-4B57-9A2B-B413B4B69331}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{0E576E0A-C59C-496A-ADA0-445B5CA81EDC}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | "UDP Query User{491DBB90-9D2A-4DAE-8E6A-9307D3FED337}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "UDP Query User{5B630CB1-4E4E-4C07-B07C-5CC62628FC6E}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "UDP Query User{5F825AF1-3788-49C5-B924-B66095259CE0}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | "UDP Query User{615A6871-23B9-4057-98AC-F4EBE0D37A46}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | "UDP Query User{6188F97A-A74E-4FCB-81EF-18EFFD1FB05B}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | "UDP Query User{7521A588-CD8D-47AE-B586-1919AD3FEB6C}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | "UDP Query User{9810CA24-F82D-4D7F-9B9B-B7F78802F7FF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in 
| app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{A3759242-E424-4F85-AEF8-914878F57EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{BEF32B76-B9CD-49DD-9760-56D027630C4A}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | "UDP Query User{E3175780-AA0B-4A12-A0B7-FB23019B6BDB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{EE9969C7-5005-4EFC-B74C-66FF538FF797}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{F24270A3-604C-48B8-B33B-5CF6693DE566}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{F7416C9C-BF49-4F50-A91C-16532D0D092C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{FF0B1C03-70E2-45E5-99D9-6E6655B41882}C:\games\panzar\start.exe" = protocol=17 | dir=in | app=c:\games\panzar\start.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit) "{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap "{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery 
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360 "{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English "{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English "{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7811654C-9701-4347-B9DD-7DDB6B47F56A}" = STATISTICA PL 10 (64-bit) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 331.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 331.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 331.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.0725 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9 "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit "{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}" = Microsoft .NET Framework 4.5 RC "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel "AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English "Autodesk ReCap" = Autodesk ReCap "CCleaner" = CCleaner "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "GIMP-2_is1" = GIMP 2.8.6 "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit) "Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. 
(Robust Intelligent Companion) "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{263CB489-274B-4312-B931-0039A7A4443C}" = Unified Remote "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP(TM)13 
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP(TM)13 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1" = Panzar "{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014 "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service "{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014 "{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEBE760-F2D0-11DD-6784-0195548618BE}" = GameShadow V3.1 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) 
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1 "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0 "{BEBC66FC-1EF2-4823-B212-3EAB99161098}_is1" = Knight Elite "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.269 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Autodesk Content Service" = Autodesk Content Service "DAEMON Tools Lite" = DAEMON Tools Lite "Dll-Files Fixer_is1" = Dll-Files Fixer "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024 "Driver Updater" = Carambis Driver Updater "ENTERPRISE" = Microsoft Office Enterprise 2007 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "Google Chrome" = Google Chrome "Hitman Absolution_is1" = Hitman Absolution "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0 "LastFM_is1" = Last.fm Scrobbler 2.1.36 "Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC_is1" = Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Maxima-5.28.0-2_is1" = Maxima 5.28.0-2 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.7.8 "Mount&Blade Warband" = Mount&Blade Warband "Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3 Knife_is1" = Mp3 Knife 3.4 "NapiProjekt_is1" = NapiProjekt 
(2.1.0.2287)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"OpenAL" = OpenAL
"Pajączek 5 NxG STD_is1" = Pajączek 5 NxG STD - Deinstalacja
"PAYDAY 2_is1" = PAYDAY 2
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger (c) Ubisoft version 1
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Spotydl_is1" = Spotydl 0.9.32.0
"State of Decay_R.G. Mechanics_is1" = State of Decay
"Steam App 218230" = PlanetSide 2
"Steam App 42910" = Magicka
"Steam App 550" = Left 4 Dead 2
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Webexp Enhanced" = Webexp Enhanced
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"XfireCodec" = Xfire Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Wurm Online" = Wurm Online

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-12-27 04:26:27 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-27 15:22:32 | Computer Name = LENOVO-Komputer | Source = MsiInstaller | ID = 11500
Description =

Error - 2013-12-27 15:22:34 | Computer Name = LENOVO-Komputer | Source = MsiInstaller | ID = 11500
Description =

Error - 2013-12-28 03:56:35 | Computer Name = LENOVO-Komputer | Source = Application Hang | ID = 1002
Description = Program javaw.exe w wersji 6.0.450.6 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 250c Godzina rozpoczęcia: 01cf03a1f85979ad Godzina zakończenia: 109 Ścieżka aplikacji: C:\Program Files (x86)\Java\jre6\bin\javaw.exe Identyfikator raportu: 8fef247e-6f95-11e3-8a94-402cf452c667

Error - 2013-12-29 05:30:20 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2013-12-29 05:30:38 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-29 05:30:38 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-29 05:46:52 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2013-12-29 05:47:05 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

Error - 2013-12-29 05:47:05 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description =

[ OSession Events ]
Error - 2013-02-25 07:00:14 | Computer Name = LENOVO-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 170376 seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2013-12-27 15:21:05 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-27 15:21:05 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-27 15:21:06 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-27 15:21:06 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2013-12-27 18:40:07 | Computer Name = LENOVO-Komputer | Source = DCOM | ID = 10010
Description =

Error - 2013-12-29 05:25:30 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2013-12-29 05:30:20 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Windows Image Acquisition (WIA) zależy od usługi Wykrywanie sprzętu powłoki, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2013-12-29 05:46:11 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Autodesk Content Service.

Error - 2013-12-29 05:46:11 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Autodesk Content Service z powodu następującego błędu: %%1053

Error - 2013-12-29 05:46:51 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Windows Image Acquisition (WIA) zależy od usługi Wykrywanie sprzętu powłoki, której nie można uruchomić z powodu następującego błędu: %%1058

< End of report >
[/log]

[log]OTL logfile created on: 2013-12-29 12:20:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,95 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,69% Memory free
7,89 Gb Paging File | 5,49 Gb Available in Paging File | 69,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb
Total Space | 82,23 Gb Free Space | 12,02% Space Free | Partition Type: NTFS Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,84 Gb Total Space | 1,20 Gb Free Space | 65,16% Space Free | Partition Type: FAT Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-12-25 10:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Downloads\OTL.exe PRC - [2013-12-08 18:08:07 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-11-15 09:56:36 | 004,881,624 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire2\Xfire.exe PRC - [2013-11-08 21:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-05-02 09:23:20 | 000,802,136 | ---- | M] (BitTorrent Inc.) 
-- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013-04-04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013-01-03 13:05:36 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2011-10-25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2011-10-25 13:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2011-01-29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-01-12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll MOD - [2013-12-04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2013-02-13 12:36:16 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013-01-10 18:29:08 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll MOD - [2013-01-10 18:29:08 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll MOD - [2013-01-10 09:37:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013-01-10 09:36:42 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - 
[2013-01-10 09:36:33 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013-01-10 09:36:29 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013-01-10 09:36:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013-01-10 09:36:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013-01-10 09:36:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2011-08-14 13:30:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011-02-16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2011-02-16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll MOD - [2010-11-13 03:37:37 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-12-08 12:32:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64) SRV:64bit: - [2013-11-08 21:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:64bit: - [2011-05-12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011-05-02 15:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011-05-02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011-05-02 15:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-12-16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-05-11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | 
Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-04-30 17:17:38 | 000,104,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011-10-25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010-12-21 03:30:38 
| 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-05-31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-10-23 11:30:23 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013-09-28 00:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2013-04-04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013-04-03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2013-04-03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2013-04-03 08:58:08 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2013-04-03 08:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2013-04-03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2013-01-06 17:25:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-10-01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011-10-01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011-10-01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011-10-01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011-08-14 22:29:45 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011-08-14 22:29:43 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011-08-14 22:22:35 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan) DRV:64bit: - [2011-08-14 22:22:35 | 000,015,456 | ---- | M] (Ensurebit Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex) DRV:64bit: - [2011-08-14 13:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-08-14 13:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-05-13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011-05-13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011-05-13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011-05-13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011-05-13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011-05-13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011-05-09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011-05-01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011-03-26 02:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011-03-21 06:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011-01-29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011-01-12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-12-13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010-12-01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | 
---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-10-15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-03-02 19:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk) DRV:64bit: - [2010-03-02 19:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile) DRV:64bit: - [2009-07-21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013-03-14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_plPL500 IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-01-03 13:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-03 13:05:59 | 000,000,000 | ---D | M] [2013-05-26 22:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Extensions [2013-12-29 10:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions [2013-09-16 22:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013-05-26 22:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions 
[2013-05-26 22:57:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Wallet = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files 
(x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Spotify Web Helper] C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* 
in ) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F810A68-84E5-4561-B3D1-DFEC470A3F73}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6F30F37-AD2C-4EDA-B51D-7BDD9EEF212C}: DhcpNameServer = 8.8.8.8 8.8.4.4 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID 
value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-12-29 10:38:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-12-29 10:25:30 | 000,000,000 
| ---D | C] -- C:\_OTL [2013-12-28 08:53:50 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wurm Online [2013-12-27 20:27:11 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013-12-27 20:27:06 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013-12-27 20:27:06 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013-12-27 20:27:06 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013-12-27 20:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-12-27 20:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013-12-27 20:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013-12-26 19:31:38 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx [2013-12-26 19:31:38 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx [2013-12-26 19:31:38 | 000,512,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml.dll [2013-12-26 19:31:38 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx [2013-12-26 19:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic [2013-12-26 19:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Mechanic [2013-12-25 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013-12-25 10:57:09 | 000,000,000 | ---D | C] -- C:\rsit [2013-12-25 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Raporty [2013-12-25 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013-12-15 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- 
C:\Users\LENOVO\AppData\Roaming\Carambis [2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carambis [2013-12-08 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carambis [2013-12-08 12:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO [2013-12-08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2013-12-08 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Autodesk [2013-12-08 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk [2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2013-12-08 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2013-12-08 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2013-12-08 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2013-12-08 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Xfire [2013-12-08 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Xfire [2013-12-08 11:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire2 [2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire2 [2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2013-12-08 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2013-12-06 08:51:21 | 000,000,000 | ---D | C] -- C:\Intel ========== Files - Modified Within 30 Days ========== [2013-12-29 12:09:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-29 10:54:23 | 
000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-29 10:54:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-29 10:51:07 | 001,676,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013-12-29 10:51:07 | 000,743,058 | ---- | M] () -- C:\windows\SysNative\perfh015.dat [2013-12-29 10:51:07 | 000,656,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013-12-29 10:51:07 | 000,156,786 | ---- | M] () -- C:\windows\SysNative\perfc015.dat [2013-12-29 10:51:07 | 000,122,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013-12-29 10:45:58 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-29 10:45:39 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013-12-29 10:45:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013-12-29 10:45:20 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys [2013-12-28 08:53:50 | 000,002,029 | ---- | M] () -- C:\Users\LENOVO\Desktop\Wurm Online.lnk [2013-12-27 20:27:02 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013-12-27 20:27:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013-12-27 20:27:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013-12-27 20:27:02 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013-12-26 19:31:38 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2013-12-16 22:12:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013-12-16 22:10:59 | 000,064,103 | ---- | M] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg [2013-12-08 17:56:54 | 000,001,144 | ---- | M] () -- 
C:\Users\Public\Desktop\Driver Updater.lnk [2013-12-08 17:39:25 | 000,509,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013-12-08 17:20:20 | 017,053,578 | ---- | M] () -- C:\Users\LENOVO\Desktop\SIPS.rar [2013-12-08 12:37:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk [2013-12-08 12:36:31 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk [2013-12-08 12:33:23 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013-12-08 12:32:02 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk [2013-12-08 12:24:42 | 001,649,090 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013-12-08 12:14:26 | 000,001,061 | ---- | M] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2013-12-08 11:37:09 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk [2013-12-08 11:35:20 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk ========== Files Created - No Company Name ========== [2013-12-26 19:31:38 | 000,040,408 | ---- | C] () -- C:\windows\SysNative\CleanMFT64.exe [2013-12-26 19:31:38 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2013-12-16 22:10:58 | 000,064,103 | ---- | C] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg [2013-12-08 17:56:54 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Updater.lnk [2013-12-08 17:20:19 | 017,053,578 | ---- | C] () -- C:\Users\LENOVO\Desktop\SIPS.rar [2013-12-08 12:37:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk [2013-12-08 12:36:31 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk [2013-12-08 12:33:23 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013-12-08 12:32:02 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk [2013-12-08 12:14:25 
| 000,001,061 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2013-12-08 11:37:09 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk [2013-12-08 11:35:20 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-10-16 20:55:56 | 000,000,977 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\recently-used.xbel [2013-09-21 17:27:26 | 000,007,606 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg [2013-07-07 15:08:38 | 000,000,331 | ---- | C] () -- C:\windows\game.ini [2013-02-05 16:52:54 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2013-02-05 16:52:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2013-02-05 16:52:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2013-02-05 16:52:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2013-02-05 16:52:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2013-01-02 22:57:03 | 000,000,367 | ---- | C] () -- C:\Program Files (x86)\conquer.ini [2012-12-28 22:04:22 | 000,036,352 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll [2012-12-01 17:24:36 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2012-12-01 17:24:35 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2012-10-12 01:50:40 | 000,049,738 | ---- | C] () -- C:\Program Files (x86)\AutoMapa EU.md5 [2012-09-29 23:50:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2012-09-29 23:50:28 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2012-09-29 23:50:28 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll [2012-09-29 23:50:28 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012-09-29 23:50:26 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2012-09-22 12:51:41 | 000,361,096 | ---- | C] () -- C:\windows\SysWow64\lead3dengine.dll [2012-09-08 23:09:27 | 
000,000,243 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\GPU Meter_Settings.ini [2012-09-08 23:08:01 | 000,000,532 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\All CPU MeterV3_Settings.ini ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-12-26 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft [2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium [2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre [2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis [2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software [2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite [2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com [2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture [2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster [2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView [2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient [2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone [2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband [2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt [2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung [2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client [2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland [2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify [2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- 
C:\Users\LENOVO\AppData\Roaming\Spotydl [2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay [2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft [2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP [2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client [2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote [2013-12-29 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent [2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net [2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < C:\*.* > [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () -- C:\AutoMapaSetupLog.txt [2013-12-08 13:23:15 | 002,384,644 | ---- | M] () -- C:\FaceProv.log [2013-12-29 10:45:20 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys [2013-12-29 10:45:26 | 4236,099,584 | -HS- | M] () -- C:\pagefile.sys [2011-08-14 21:59:35 | 000,002,150 | ---- | M] () -- C:\RHDSetup.log [2013-05-14 07:15:32 | 000,357,814 | ---- | M] () -- C:\SDK Manager.exe [2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009-07-14 06:08:49 | 000,032,604 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2011-08-14 22:20:05 | 000,001,058 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2011-08-14 22:20:05 | 000,001,062 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2013-06-03 11:08:43 | 000,000,350 | ---- | C] () -- C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job < D:\*.* > [1 D:\*.tmp files -> D:\*.tmp -> ] < E:\*.* > < F:\*.* > [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () -- F:\autorun.inf [2012-09-29 13:15:12 | 000,023,558 | R--- | M] () -- F:\icon.ico [2012-09-28 18:48:08 | 
998,655,488 | R--- | M] () -- F:\setup-1.bin [2012-09-28 18:57:55 | 1000,000,000 | R--- | M] () -- F:\setup-2.bin [2012-09-28 19:04:53 | 1000,000,000 | R--- | M] () -- F:\setup-3.bin [2012-09-28 19:09:14 | 1000,000,000 | R--- | M] () -- F:\setup-4.bin [2012-09-28 19:15:34 | 1000,000,000 | R--- | M] () -- F:\setup-5.bin [2012-09-28 19:23:50 | 1000,000,000 | R--- | M] () -- F:\setup-6.bin [2012-09-28 19:25:09 | 072,691,766 | R--- | M] () -- F:\setup-7.bin [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) -- F:\Setup.exe < G:\*.* > [2013-11-11 11:11:02 | 000,000,512 | -H-- | M] () -- G:\NIKON001.DSC [2011-11-21 21:22:42 | 000,022,059 | ---- | M] () -- G:\1.5Sciaga - bramki logiczne (kolos 2).docx [2011-11-21 21:22:44 | 000,510,432 | ---- | M] () -- G:\1.6Sciaga - klad sterowania silnikiem (kolos 2).docx [2011-11-21 21:22:44 | 000,054,272 | ---- | M] () -- G:\ciaga - bramki logiczne (kolos 2).doc [2011-11-21 21:22:46 | 003,208,192 | ---- | M] () -- G:\ciaga - klad sterowania silnikiem (kolos 2).doc [2013-12-05 13:36:58 | 000,181,078 | ---- | M] () -- G:\sciaga new.docx [2013-12-08 23:19:06 | 000,385,536 | ---- | M] () -- G:\PID Grupa 3 (1).doc < H:\*.* > < %ALLUSERSPROFILE%\Application Data\*. > < %APPDATA%\*. 
> [2013-12-26 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft [2013-03-25 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Adobe [2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk [2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium [2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre [2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis [2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software [2012-09-06 08:49:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\CyberLink [2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite [2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com [2013-10-30 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dvdcss [2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture [2012-09-06 19:00:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Google [2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster [2012-08-20 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Identities [2012-08-20 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel [2012-08-20 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel Corporation [2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView [2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient [2013-03-18 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Macromedia [2013-05-20 09:21:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Malwarebytes [2011-02-22 12:42:06 | 000,000,000 | ---D | M] 
-- C:\Users\LENOVO\AppData\Roaming\Media Center Programs [2013-12-04 16:07:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Player Classic [2013-12-08 19:49:43 | 000,000,000 | --SD | M] -- C:\Users\LENOVO\AppData\Roaming\Microsoft [2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone [2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband [2013-05-26 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mozilla [2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt [2013-03-17 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NVIDIA [2013-03-24 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Real [2013-01-03 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\RealNetworks [2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung [2012-09-08 07:58:53 | 000,000,000 | RH-D | M] -- C:\Users\LENOVO\AppData\Roaming\SecuROM [2013-07-14 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Skype [2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client [2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland [2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify [2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl [2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay [2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft [2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP [2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client [2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote 
[2013-12-29 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent [2013-12-22 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\vlc [2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net [2013-12-01 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Winamp [2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer [2012-09-06 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\WinRAR [2013-12-29 10:46:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Xfire < %SYSTEMDRIVE%\*. /mp /s > < MD5 for: AGP440.SYS > [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: BEEP.SYS > [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- 
C:\windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys < MD5 for: EXPLORER.EXE > [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: NTFS.SYS > [2010-11-21 04:23:55 | 001,659,776 | 
---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys [2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys [2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys [2012-08-31 18:57:17 | 001,687,408 | ---- | M] (Microsoft Corporation) MD5=B2746D84DDF68D09B41B72DF745CCBA6 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys [2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\windows\SysNative\drivers\ntfs.sys [2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys < MD5 for: SVCHOST.EXE > [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe [2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) 
MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < %systemroot%\system32\ws2_32.dll /md5 > [2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\windows\system32\ws2_32.dll < %systemroot%\system32\kernel32.dll /md5 > [2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\windows\system32\kernel32.dll < %systemroot%\system32\user32.dll /md5 > [2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) 
MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\windows\system32\user32.dll < %systemroot%\Tasks\*.* /lockedfiles > [2013-09-27 23:04:08 | 000,032,604 | ---- | M] () Unable to obtain MD5 -- C:\windows\Tasks\SCHEDLGU.TXT ========== Restore Points Found ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Users\All Users] -> -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\Users\All Users\Temp:D1B5B4F1 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\Users\All Users\Temp:373E1720 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 < End of report > [/log]

Unfortunately I could not use SPTD, because it threw an error saying the platform is not supported :/ But I ran the scan anyway.

GMER [log]GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-29 13:08:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM1 728,45GB Running: ey9i6mux.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\kfrdapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 
000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text 
C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076816f80 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\windows\system32\Dwm.exe[1200] 
C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8b34da4 7 bytes JMP 000007fff8b200d8 .text C:\windows\system32\Dwm.exe[1200] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8b59af4 7 bytes JMP 000007fff8b20110 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076816f80 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 5 bytes JMP 000007fffd5b00b8 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd5cbbb0 5 bytes JMP 000007fffd5b0038 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 5 bytes JMP 000007fffd5b0138 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb49a38c 5 bytes JMP 000007fefd5b02b8 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb4b4b60 5 bytes JMP 000007fefd5b0238 .text C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb4b4ba0 5 bytes JMP 000007fefd5b01b8 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 
00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\windows\system32\taskeng.exe[1784] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 
bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegSetValueExW 
000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076816f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 
000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb49a38c 5 bytes JMP 000007fefd5a02b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb4b4b60 5 bytes JMP 000007fefd5a0238 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb4b4ba0 5 bytes JMP 000007fefd5a01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] 
C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text 
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007680af40 7 bytes JMP 000000016fff0260 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000076814a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076816f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegDeleteValueW 0000000076832990 5 bytes JMP 000000016fff01f0 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007683efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000768699b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000768794d0 5 bytes JMP 000000016fff0180 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076879640 5 bytes JMP 000000016fff0110 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegSetValueExA 000000007689a500 7 bytes JMP 000000016fff0228 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8 .text 
C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5c9940 6 bytes JMP 000007fffd5b0148 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5ca150 5 bytes JMP 000007fffd5b0110 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef889e0 8 bytes JMP 000007fffd5b01f0 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef8be40 8 bytes JMP 000007fffd5b01b8 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdf87490 11 bytes JMP 000007fffd5b0228 .text C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ca1465 2 bytes [CA, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ca14bb 2 bytes [CA, 74] .text ... 
---- EOF - GMER 2.1 ---- [/log]

Are any of the applications still unnecessary? I mean the ones from the manufacturer, Lenovo.
Natsuki Kuga commented 1 January 2014

"Are any of the applications still unnecessary? I mean the ones from the manufacturer, Lenovo."

I don't see too many of them here; I think you use them. ;)

"I didn't post more logs because unfortunately I couldn't manage to, I don't know why."

You can use the site wklej.org :)

By the way, looking further at the event logs:

Error - 2013-12-28 03:56:35 | Computer Name = LENOVO-Komputer | Source = Application Hang | ID = 1002 Description = Program javaw.exe w wersji 6.0.450.6 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 250c Godzina rozpoczęcia: 01cf03a1f85979ad Godzina zakończenia: 109 Ścieżka aplikacji: C:\Program Files (x86)\Java\jre6\bin\javaw.exe Identyfikator raportu: 8fef247e-6f95-11e3-8a94-402cf452c667

This Java is already badly outdated and only causes conflicts. If you don't use it at all, uninstall version 6 and keep the Java 7 you already have.

Also show a screenshot from DiskCrystalInfo: http://crystalmark.info/software/CrystalDiskInfo/index-e.html