iwan59 utworzono 13 stycznia 2014 utworzono 13 stycznia 2014 Witam, proszę o sprawdzenie logów. Komputer ma odczuwalny spadek wydajności i często się zawiesza. Poniżej załączam logi. Pozdrawiam, Mateusz OTL - OTL.txt [log] OTL logfile created on: 2014-01-13 07:54:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mateusz\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 44,99% Memory free 22,00 Gb Paging File | 18,97 Gb Available in Paging File | 86,23% Paging File free Paging file location(s): c:\pagefile.sys 6144 7168d:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 66,28 Gb Total Space | 6,10 Gb Free Space | 9,21% Space Free | Partition Type: NTFS Drive D: | 399,37 Gb Total Space | 163,21 Gb Free Space | 40,87% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 28,65 Gb Free Space | 3,08% Space Free | Partition Type: NTFS Computer Name: PIERDOLNIK | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-01-13 07:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Desktop\OTL.exe PRC - [2013-12-18 02:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013-12-11 10:52:34 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-10-29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\Mateusz\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe PRC - [2013-10-24 11:58:32 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2013-10-09 04:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-03-28 21:08:14 | 000,389,120 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2013-03-15 20:28:12 | 004,683,768 | ---- | M] (Almico Software (www.almico.com)) -- D:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2012-12-21 15:03:42 | 000,144,008 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe PRC - [2011-10-28 16:22:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2011-10-28 16:22:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-02-15 17:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- D:\Program Files\Prey\platform\windows\cronsvc.exe PRC - [2010-03-25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009-09-23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- d:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe PRC - [2007-12-24 00:26:32 | 002,641,920 | ---- | M] (pdfforge http://www.pdfforge.org/) -- D:\Program Files (x86)\PDFCreator\PDFCreator.exe ========== Modules (No Company Name) ========== MOD - [2014-01-13 07:43:29 | 000,192,512 | ---- | M] () -- C:\Users\Mateusz\AppData\Local\Temp\sfamcc00001.dll MOD - [2014-01-13 07:43:29 | 000,158,720 | ---- | M] () -- C:\Users\Mateusz\AppData\Local\Temp\sfareca00001.dll MOD - [2013-12-18 02:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2013-08-23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013-03-28 21:07:46 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll MOD - [2007-11-28 17:59:42 | 003,702,784 | ---- | M] () -- d:\Program Files (x86)\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-11-26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013-10-23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013-10-23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012-12-19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-12-26 12:51:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-11-24 17:33:56 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-10-24 11:58:32 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2013-10-09 04:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-19 14:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-03-28 21:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- d:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012-12-21 15:03:42 | 000,144,008 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger) SRV - [2011-10-28 16:22:56 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011-10-28 16:22:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-08-03 11:07:43 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-08-02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service) SRV - [2011-02-15 17:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- D:\Program Files\Prey\platform\windows\cronsvc.exe -- (CronService) SRV - [2010-03-25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-05-31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006-10-26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-10-28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013-10-28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013-09-27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013-06-29 13:00:05 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013-06-29 13:00:05 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2013-02-14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013-02-12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012-12-27 01:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012-12-19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012-12-19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-12-19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-12-13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012-11-29 11:50:06 | 000,073,552 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE) DRV:64bit: - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012-03-26 22:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-11-04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011-05-06 13:30:20 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2011-05-06 13:30:18 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2011-03-24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011-03-24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-11-29 04:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010-10-21 14:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010-09-15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010-08-31 12:23:30 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6) DRV:64bit: - [2010-06-17 17:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010-02-18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009-08-21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007-06-14 17:33:40 | 000,526,848 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302) DRV:64bit: - [2006-12-13 17:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2006-12-04 09:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock) DRV - [2012-10-25 18:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3) DRV - [2012-04-09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- d:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2012-04-09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2011-03-24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011-03-24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011-01-06 11:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7576v3B0\NTIOLib_X64.sys -- (NTIOLib_1_0_6) DRV - [2010-10-22 09:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4) DRV - [2010-04-12 10:36:26 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter) DRV - [2010-01-29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009-10-11 14:58:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-03-05 21:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J) DRV - [2008-12-19 03:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_pl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: d:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: d:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: d:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-04 17:39:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013-11-24 17:33:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013-12-27 11:03:19 | 000,000,000 | ---D | M] [2012-02-11 14:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions [2013-10-11 08:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\jxjqsb00.default\extensions [2013-02-09 15:23:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\jxjqsb00.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: vShare.tv plug-in (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npffvsharetvplg.dll CHR - plugin: LiveVDO plug-in (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll CHR - plugin: LiveVDO plug-in (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: National Instruments LabVIEW 8.5 Netscape Plug-in for Windows (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nplv85win32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Samsung Link PC Plugin (Enabled) = D:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll CHR - plugin: Picasa (Enabled) = d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: RayV Plugin (Enabled) = d:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll CHR - plugin: Veetle TV Player (Enabled) = d:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = d:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - Extension: Google Translate = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\ CHR - Extension: Przelewy24 = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlghgifgkapabijdmenlghpcjhaojnp\5.11_0\ CHR - Extension: Angry Birds = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Kalendarz = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlmhkflbgjoeeophdjheadfljoielhi\1.1_0\ CHR - Extension: MindMeister = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.3_0\ CHR - Extension: Turn Off the Lights = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_0\ CHR - Extension: YouTube = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: DuckDuckGo for Chrome = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_1\ CHR - Extension: Adblock Plus = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\ CHR - Extension: Szukaj w Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Tampermonkey = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0\ CHR - Extension: Google+ = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\ CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: Kalendarz Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Photo Zoom for Facebook = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\ CHR - Extension: Rapideo.pl = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpdjcjlbmambiaahbcjphfdnpclaeec\0.14.0_0\ CHR - Extension: Dodatek Google Analytics Opt-out firmy Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\ CHR - Extension: HTTPS Everywhere = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\ CHR - Extension: AdBlock = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: TinEye Reverse Image Search = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.4_0\ CHR - Extension: Dropbox = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\ CHR - Extension: Cookie Manager = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0\ CHR - Extension: BugMeNot Lite = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.10_0\ CHR - Extension: Mapy Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: Sprawdzanie poczty Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Ghostery = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_1\ CHR - Extension: Plants vs Zombies = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Facebook Notifications = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Google Wallet = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Picasa = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\ CHR - Extension: Instagram for Chrome = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.3.2_0\ CHR - Extension: LiveVDO plugin = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\ CHR - Extension: Gmail = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-12-20 16:17:27 | 000,001,157 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 nero.com O1 - Hosts: 127.0.0.1 www.nero.com O1 - Hosts: 127.0.0.1 activate.nero.com O1 - Hosts: 127.0.0.1 www.activate.nero.com O1 - Hosts: 127.0.0.1 nero.de O1 - Hosts: 127.0.0.1 www.nero.de O1 - Hosts: 127.0.0.1 activate.nero.de O1 - Hosts: 127.0.0.1 www.activate.nero.de### O1 - Hosts: 67.211.196.139 ok.ru O1 - Hosts: 67.211.196.139 m.ok.ru O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [StartCCC] d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk = D:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge http://www.pdfforge.org/) O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = D:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.204.204.204 62.233.233.233 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0FFEDEA-8397-4A1A-B901-3824AFF30540}: DhcpNameServer = 87.204.204.204 62.233.233.233 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{31221dd8-dcd5-11e2-8e1c-1a2b3c4d5e6f}\Shell - "" = AutoRun O33 - MountPoints2\{3d8da20c-d4a4-11e0-9af6-406186363093}\Shell - "" = AutoRun O33 - MountPoints2\{4d8cc38d-68ca-11e3-9e02-1a2b3c4d5e6f}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-01-13 07:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mateusz\Desktop\OTL.exe [2014-01-13 07:51:58 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Mateusz\Desktop\dds.com [2014-01-04 15:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2014-01-04 15:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014-01-04 15:02:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-01-04 15:02:05 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-01-04 15:02:05 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-01-04 15:02:05 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-01-04 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [2014-01-04 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014-01-02 16:58:34 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\Tipard Studio [2014-01-02 16:58:05 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Tipard Studio [2013-12-29 11:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2014 Patch [2013-12-28 17:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Splashtop [2013-12-28 17:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2013-12-28 17:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote [2013-12-28 17:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop [2013-12-27 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\Snagit [2013-12-27 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\CV [2013-12-27 09:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager [2013-12-26 12:05:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2013-12-26 12:05:10 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\Sports Interactive [2013-12-22 23:14:08 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Malwarebytes [2013-12-22 23:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013-12-22 23:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013-12-22 23:13:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013-12-19 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013-12-19 10:23:46 | 000,000,000 | ---D | C] -- C:\Temp [2013-12-19 10:15:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2013-12-19 10:15:17 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\samsung [2013-12-16 12:55:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013-12-16 12:55:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-16 12:55:16 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-16 12:55:16 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-16 12:55:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-12-16 12:55:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-16 12:55:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013-12-16 12:55:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-16 12:55:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-12-16 12:55:15 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013-12-16 12:55:15 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013-12-16 12:55:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013-12-16 12:55:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-12-16 12:55:12 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-12-16 12:55:09 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-12-16 12:55:07 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-14 19:18:32 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013-12-14 19:15:27 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-14 19:15:27 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-14 19:15:25 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-14 19:15:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-14 19:15:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-14 19:15:24 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-14 19:15:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-14 19:15:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-14 19:15:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-14 19:15:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-14 19:15:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-14 19:15:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-14 19:15:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-14 19:15:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-14 19:15:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-14 19:15:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-14 19:15:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-14 19:15:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-14 19:15:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-14 19:15:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-14 19:15:23 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-14 19:15:23 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-14 19:15:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-14 19:15:23 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-14 19:15:23 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-14 19:15:23 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-14 19:15:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-14 19:15:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-14 19:15:23 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-14 19:15:23 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-14 19:15:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-14 19:15:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-14 19:15:23 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-14 19:15:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-14 19:15:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-14 19:15:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-14 19:15:22 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-14 19:15:22 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-14 19:15:22 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-14 19:15:22 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-14 19:15:22 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-14 19:15:22 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-14 19:15:22 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-14 19:15:22 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-14 19:15:22 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-14 19:15:22 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-14 19:15:22 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-14 19:15:22 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-14 19:15:22 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-14 19:15:22 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-14 19:15:22 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-14 19:15:22 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-14 19:15:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-14 19:15:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-14 19:15:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-14 19:15:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-14 19:15:22 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-14 19:15:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-14 19:15:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-14 19:15:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-14 19:15:21 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-14 19:15:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-14 19:15:21 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-14 19:15:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-12-14 13:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012-05-24 14:46:03 | 000,790,528 | ---- | C] (MediaArea.net) -- C:\Users\Mateusz\MediaInfo.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014-01-13 07:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Desktop\OTL.exe [2014-01-13 07:52:36 | 000,935,175 | ---- | M] () -- C:\Users\Mateusz\Desktop\RSITx64.exe [2014-01-13 07:52:07 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Mateusz\Desktop\dds.com [2014-01-13 07:51:37 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-01-13 07:51:37 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-01-13 07:43:03 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat [2014-01-13 07:42:51 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-01-13 07:42:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-01-13 07:42:15 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2014-01-12 21:12:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000UA.job [2014-01-12 21:05:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-01-12 21:03:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-01-12 20:12:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000Core.job [2014-01-12 16:38:53 | 001,673,492 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-01-12 16:38:53 | 000,743,380 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-01-12 16:38:53 | 000,656,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-01-12 16:38:53 | 000,157,046 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-01-12 16:38:53 | 000,123,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-01-02 18:53:54 | 000,001,009 | ---- | M] () -- C:\Users\Mateusz\Desktop\Dropbox.lnk [2014-01-02 18:48:36 | 000,001,019 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-27 14:34:00 | 000,000,513 | ---- | M] () -- C:\Users\Mateusz\Desktop\The Walking Dead.lnk [2013-12-27 14:32:51 | 000,002,230 | ---- | M] () -- C:\Users\Mateusz\Desktop\Google Chrome.lnk [2013-12-27 12:24:59 | 002,123,243 | ---- | M] () -- C:\Users\Mateusz\Documents\BackupRegistryCleaner(20131227).reg [2013-12-27 11:18:57 | 000,438,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-12-27 10:10:40 | 000,004,995 | ---- | M] () -- C:\Windows\MC9.INI [2013-12-26 14:06:31 | 000,000,501 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2014.lnk [2013-12-26 13:35:15 | 000,000,815 | ---- | M] () -- C:\Users\Mateusz\Desktop\PESEdit.com 2014 Patch.lnk [2013-12-26 12:51:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-12-26 12:51:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-12-14 19:15:27 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-14 19:15:27 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-14 19:15:25 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-14 19:15:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-14 19:15:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-14 19:15:24 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-14 19:15:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-14 19:15:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-14 19:15:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-14 19:15:24 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-14 19:15:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-14 19:15:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-14 19:15:24 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-14 19:15:24 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-14 19:15:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-14 19:15:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-14 19:15:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-14 19:15:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-14 19:15:24 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-14 19:15:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-14 19:15:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-14 19:15:23 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-14 19:15:23 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-14 19:15:23 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-14 19:15:23 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-14 19:15:23 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-14 19:15:23 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-14 19:15:23 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-14 19:15:23 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-14 19:15:23 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-14 19:15:23 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-14 19:15:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-14 19:15:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-14 19:15:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-14 19:15:23 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-14 19:15:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-14 19:15:23 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-14 19:15:22 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-14 19:15:22 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-14 19:15:22 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-14 19:15:22 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-14 19:15:22 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-14 19:15:22 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-14 19:15:22 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-14 19:15:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-14 19:15:22 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-14 19:15:22 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-14 19:15:22 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-14 19:15:22 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-14 19:15:22 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-14 19:15:22 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-14 19:15:22 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-14 19:15:22 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-14 19:15:22 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-14 19:15:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-14 19:15:22 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-14 19:15:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-14 19:15:22 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-14 19:15:22 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-14 19:15:22 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013-12-14 19:15:22 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-14 19:15:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-14 19:15:21 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-14 19:15:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-14 19:15:21 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-14 19:15:21 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-01-13 07:54:14 | 000,377,856 | ---- | C] () -- C:\Users\Mateusz\Desktop\gmer.exe [2014-01-13 07:52:31 | 000,935,175 | ---- | C] () -- C:\Users\Mateusz\Desktop\RSITx64.exe [2014-01-02 18:53:54 | 000,001,009 | ---- | C] () -- C:\Users\Mateusz\Desktop\Dropbox.lnk [2014-01-02 18:48:36 | 000,001,019 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-27 14:35:07 | 000,002,829 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Visio 2010.lnk [2013-12-27 14:35:07 | 000,002,739 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office Outlook 2007.lnk [2013-12-27 14:35:07 | 000,002,689 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office Excel 2007.lnk [2013-12-27 14:35:07 | 000,002,677 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office PowerPoint 2007.lnk [2013-12-27 14:35:07 | 000,002,669 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office Access 2007.lnk [2013-12-27 14:35:07 | 000,002,631 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office Publisher 2007.lnk [2013-12-27 14:35:07 | 000,002,585 | ---- | C] () -- C:\Users\Mateusz\Desktop\SyncToy 2.1(x64).lnk [2013-12-27 14:35:07 | 000,001,523 | ---- | C] () -- C:\Users\Mateusz\Desktop\Virtual Windows XP.lnk [2013-12-27 14:35:07 | 000,001,228 | ---- | C] () -- C:\Users\Mateusz\Desktop\EVEREST Ultimate Edition.lnk [2013-12-27 14:35:07 | 000,001,181 | ---- | C] () -- C:\Users\Mateusz\Desktop\M-IDE Studio for MCS-51.lnk [2013-12-27 14:35:07 | 000,001,145 | ---- | C] () -- C:\Users\Mateusz\Desktop\uTorrent.lnk [2013-12-27 14:35:07 | 000,000,832 | ---- | C] () -- C:\Users\Mateusz\Desktop\CodeBlocks.lnk [2013-12-27 14:35:07 | 000,000,804 | ---- | C] () -- C:\Users\Mateusz\Desktop\Picasa 3.lnk [2013-12-27 14:35:07 | 000,000,785 | ---- | C] () -- C:\Users\Mateusz\Desktop\EDWinXP - Main.LNK [2013-12-27 14:35:07 | 000,000,749 | ---- | C] () -- C:\Users\Mateusz\Desktop\Notepad++.lnk [2013-12-27 14:35:07 | 000,000,663 | ---- | C] () -- C:\Users\Mateusz\Desktop\EdSim51.lnk [2013-12-27 14:34:58 | 000,001,629 | ---- | C] () -- C:\Users\Mateusz\Desktop\Plants Vs Zombies.lnk [2013-12-27 14:34:58 | 000,001,299 | ---- | C] () -- C:\Users\Mateusz\Desktop\Worms Reloaded.lnk [2013-12-27 14:34:58 | 000,001,184 | ---- | C] () -- C:\Users\Mateusz\Desktop\Need For Speed The Run.lnk [2013-12-27 14:34:58 | 000,001,121 | ---- | C] () -- C:\Users\Mateusz\Desktop\Walking Dead Episode 1.lnk [2013-12-27 14:34:58 | 000,001,029 | ---- | C] () -- C:\Users\Mateusz\Desktop\Dead Island.lnk [2013-12-27 14:34:58 | 000,000,964 | ---- | C] () -- C:\Users\Mateusz\Desktop\Battlefield 3™.lnk [2013-12-27 14:34:58 | 000,000,953 | ---- | C] () -- C:\Users\Mateusz\Desktop\Call of Juarez The Cartel.lnk [2013-12-27 14:34:58 | 000,000,893 | ---- | C] () -- C:\Users\Mateusz\Desktop\L.A. Noire.lnk [2013-12-27 14:34:58 | 000,000,891 | ---- | C] () -- C:\Users\Mateusz\Desktop\Saints Row The Third.lnk [2013-12-27 14:34:58 | 000,000,868 | ---- | C] () -- C:\Users\Mateusz\Desktop\Tombraider.lnk [2013-12-27 14:34:58 | 000,000,840 | ---- | C] () -- C:\Users\Mateusz\Desktop\F.E.A.R. 3.lnk [2013-12-27 14:34:58 | 000,000,823 | ---- | C] () -- C:\Users\Mateusz\Desktop\Angry Birds Star Wars.lnk [2013-12-27 14:34:58 | 000,000,815 | ---- | C] () -- C:\Users\Mateusz\Desktop\Pro Evolution Soccer 2013.lnk [2013-12-27 14:34:58 | 000,000,810 | ---- | C] () -- C:\Users\Mateusz\Desktop\Angry Birds Seasons.lnk [2013-12-27 14:34:58 | 000,000,794 | ---- | C] () -- C:\Users\Mateusz\Desktop\Angry Birds Space.lnk [2013-12-27 14:34:58 | 000,000,786 | ---- | C] () -- C:\Users\Mateusz\Desktop\Portal 2.lnk [2013-12-27 14:34:58 | 000,000,778 | ---- | C] () -- C:\Users\Mateusz\Desktop\Angry Birds Rio.lnk [2013-12-27 14:34:58 | 000,000,749 | ---- | C] () -- C:\Users\Mateusz\Desktop\Bad Piggies.lnk [2013-12-27 14:34:58 | 000,000,749 | ---- | C] () -- C:\Users\Mateusz\Desktop\Angry Birds.lnk [2013-12-27 14:34:58 | 000,000,711 | ---- | C] () -- C:\Users\Mateusz\Desktop\Need for Speed Most Wanted.lnk [2013-12-27 14:34:58 | 000,000,218 | ---- | C] () -- C:\Users\Mateusz\Desktop\Counter-Strike.url [2013-12-27 14:34:08 | 000,001,018 | ---- | C] () -- C:\Users\Mateusz\Desktop\Duke Nukem Forever.lnk [2013-12-27 14:34:00 | 000,000,593 | ---- | C] () -- C:\Users\Mateusz\Desktop\The Walking Dead Survival Instinct.lnk [2013-12-27 14:34:00 | 000,000,513 | ---- | C] () -- C:\Users\Mateusz\Desktop\The Walking Dead.lnk [2013-12-27 14:33:53 | 000,000,888 | ---- | C] () -- C:\Users\Mateusz\Desktop\Street Fighter X Tekken.lnk [2013-12-27 14:33:16 | 000,000,573 | ---- | C] () -- C:\Users\Mateusz\Desktop\Total Commander.lnk [2013-12-27 14:33:13 | 000,002,691 | ---- | C] () -- C:\Users\Mateusz\Desktop\Microsoft Office Word 2007.lnk [2013-12-27 14:33:11 | 000,000,654 | ---- | C] () -- C:\Users\Mateusz\Desktop\IrfanView 4.10.lnk [2013-12-27 14:32:51 | 000,002,230 | ---- | C] () -- C:\Users\Mateusz\Desktop\Google Chrome.lnk [2013-12-27 12:24:34 | 002,123,243 | ---- | C] () -- C:\Users\Mateusz\Documents\BackupRegistryCleaner(20131227).reg [2013-12-26 14:06:31 | 000,000,501 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2014.lnk [2013-12-26 13:12:16 | 000,000,815 | ---- | C] () -- C:\Users\Mateusz\Desktop\PESEdit.com 2014 Patch.lnk [2013-12-26 11:56:47 | 000,000,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Football Manager 2014.lnk [2013-12-14 19:15:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-14 19:15:22 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013-06-08 10:12:33 | 000,000,169 | ---- | C] () -- C:\Windows\wcx_ftp.ini [2013-06-08 09:54:07 | 000,000,600 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\winscp.rnd [2013-05-15 14:16:21 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI [2013-03-29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013-03-29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013-01-12 20:30:38 | 000,004,995 | ---- | C] () -- C:\Windows\MC9.INI [2012-12-25 12:55:17 | 000,000,512 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012-11-27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-07-15 10:43:46 | 000,000,640 | RHS- | C] () -- C:\Users\Mateusz\ntuser.pol [2012-03-28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012-03-18 23:30:17 | 000,001,778 | ---- | C] () -- C:\Users\Mateusz\gdbtk.ini [2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011-05-31 15:42:40 | 000,000,564 | ---- | C] () -- C:\Users\Mateusz\.packettracer [2011-05-30 20:55:28 | 000,007,628 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\Resmon.ResmonCfg [2011-05-29 20:13:02 | 000,071,680 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\chrtmp [2011-05-26 21:17:25 | 000,038,440 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Wartości oddzielone przecinkami (DOS).ADR [2011-05-26 21:13:14 | 000,038,427 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Microsoft Access 97-2003.ADR [2011-05-26 17:16:23 | 000,090,112 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-08-21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012-08-21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-08-21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:58A5270D < End of report > [/log] OTL - Extras.txt [log] OTL Extras logfile created on: 2014-01-13 07:54:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mateusz\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 44,99% Memory free 22,00 Gb Paging File | 18,97 Gb Available in Paging File | 86,23% Paging File free Paging file location(s): c:\pagefile.sys 6144 7168d:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 66,28 Gb Total Space | 6,10 Gb Free Space | 9,21% Space Free | Partition Type: NTFS Drive D: | 399,37 Gb Total Space | 163,21 Gb Free Space | 40,87% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 28,65 Gb Free Space | 3,08% Space Free | Partition Type: NTFS Computer Name: PIERDOLNIK | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .ini[@ = GetDiz.Document] -- D:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .ini [@ = GetDiz.Document] -- D:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com) [HKEY_USERS\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{076137DC-59AF-4819-A6C1-5263937B5363}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{090540D8-6A42-4F05-A034-F49A648CA98F}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 | "{094AD0B2-BB94-48F5-AAE5-68ED59CE28CE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{09D59F42-7C89-4EB2-A4FE-1F83118DA305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0C5055A3-F17A-4CED-BC85-53ACD6E1C033}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0D7BD9BF-829F-4145-9409-D08313553181}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{119F7563-295F-43C5-968D-B85F23776DA6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19DDE191-1578-42D9-BC24-D1A65B747230}" = lport=10243 | protocol=6 | dir=in | app=system | "{1BA807A5-C6EA-4480-8E22-7C0E2776B566}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{24B21158-3C62-4D0B-83C2-C746726C0E52}" = rport=10243 | protocol=6 | dir=out | app=system | "{24F97CE4-2873-4EC7-8F8D-4E6B0B8EB602}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service | "{27A0917A-A2F2-4293-919E-EF02E074DCCD}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 | "{27D1CFD7-FABF-452D-9915-4D2E8BE28A02}" = lport=445 | protocol=6 | dir=in | app=system | "{2838B472-F767-499C-83AB-CBCCC5DEFF83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{28798655-BDB4-4A87-AB8F-34A07CB4D85A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FC5A8D0-2F60-4EC2-BF01-01C0FE784F00}" = rport=137 | protocol=17 | dir=out | app=system | "{3104CB73-2E07-47A8-A207-893C4AF8A52B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{358B59D1-D4F5-4D88-9E76-23148227A100}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{394889A2-3FFC-4A40-92D2-51F809D6B8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A7DBEFD-5DFF-4663-A05A-F3858F62CC8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E6C3984-ADDC-4707-B9CF-A3F7688D8C18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3EB7A233-87BA-4E6F-BB3C-ADCBBCD8F27C}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 | "{43D50C3F-C0AC-4F0F-8EC7-27D303040068}" = lport=139 | protocol=6 | dir=in | app=system | "{461A8CE5-5226-4481-951E-1D5D61785D92}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4E9DC628-B84D-4A20-9E12-50853FDBB6B4}" = lport=137 | protocol=17 | dir=in | app=system | "{546EC5A8-7EA7-418E-9AF8-EAF194F4B651}" = lport=135 | protocol=6 | dir=in | name=rpc endpoint mapper and dcom infrastructure | "{55253AF4-A873-4F59-A168-6EA68E5140AF}" = rport=445 | protocol=6 | dir=out | app=system | "{576C0DF8-EFA3-44F1-BF4B-DFC87B29D9CE}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port | "{59346F7D-BC28-4661-AB4E-4A1247EF7F82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5C1B7564-5B61-423E-99F1-B6A79A4C5430}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port | "{64CF75E1-671A-48EC-B514-F0A302A20A5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6FC75D83-814E-4145-9BCB-A3B10BDF1A19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70CE2EA3-5768-4E71-B9E1-2B4157C2A233}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{804BE2F6-BE80-4794-88A5-E7C09AF64BAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8254F7F5-5020-4183-9A01-524158B5CFFF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{844C60F1-78F1-4975-B698-34B37A671D70}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8B130042-CA83-4D3A-AAC7-C87924C2CE27}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\outlook.exe | "{983B07E5-721A-4D71-B055-9377DE04CC14}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9AD065BB-CF33-4255-B4F8-EABF94A44E5A}" = lport=138 | protocol=17 | dir=in | app=system | "{9ECD03B9-E102-497E-9186-0D9E19F2A109}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A809F87C-B8C5-4167-BCFE-6FE4ADC8765C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A9DBF4FB-05A8-4203-96C8-A6F4271E623E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AC470508-5684-409C-8B9B-FEBEFFCEC83D}" = lport=4500 | protocol=17 | dir=in | name=ipsec (ike nat-t) | "{AD9E012B-19C2-4C5D-88A0-08352F456529}" = rport=139 | protocol=6 | dir=out | app=system | "{B03DD6B8-E709-4EAC-A60B-25530C0B8BC1}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 | "{B4AA390E-6A36-47C7-98FD-AD392262FE0C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{B74567D9-3B43-44A9-8DB9-BFFFA81CAC11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6C11EC4-9284-4A4A-A10F-179417FB857F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C9272C68-FB8C-4241-9ABA-AFBA35E6E57A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD428478-F643-492D-8755-1D84AEB84C06}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CDD3DF9F-464A-40A1-B975-BE30E5341513}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CE98748B-16E4-4BF0-B5DA-B73CB2E59523}" = lport=2869 | protocol=6 | dir=in | app=system | "{D89AB05D-8581-457A-ADE1-DBF5CDE4653B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DE6EF6CE-8188-450E-B06F-66B4490DB233}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F6B91A1B-ED07-4AFF-8193-120E3D6F2634}" = rport=138 | protocol=17 | dir=out | app=system | "{F7FB4D53-F6E7-419D-83CB-1FAFC0BBF2CA}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port | "{FB7C6B50-5851-436A-A114-062BEE45A50A}" = lport=500 | protocol=17 | dir=in | name=ipsec (ike) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0183AEB6-6F90-49F6-9622-EA3D80C9DFBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{01EF6947-1C36-43D9-90E7-E2B880BE576D}" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe | "{028EF6E8-5DED-491D-B7C9-E0ACBF4C7F0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{0319209A-43D8-4D63-AEDF-BCBDF3A4E3E7}" = protocol=6 | dir=in | app=d:\program files (x86)\veetle\player\veetlenet.exe | "{0489576D-5E07-4D02-97DF-FE0CE89EC5EF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\iwan59\counter-strike\hl.exe | "{063665FC-A111-4C58-8ECD-C6A781AEE757}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | "{080D95CE-2847-4323-B99D-630C72118D90}" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\local\google\google talk plugin\googletalkplugin.exe | "{092E5A17-1E9C-4BFB-9257-7A80B25CD529}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0A290B04-2B4D-435B-9E6B-23C8B1F9839A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0DC0AFA8-4163-41F6-A68D-11D87EF660CC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{14542955-1521-4ADD-88B0-F67492B92597}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{15D85BAA-9F01-429D-AE48-18A46C82B089}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{15F289AB-6932-411B-851F-F3FE63AA8B03}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2345D7AA-96C1-4D3A-BD0E-0F4CC0AB506E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{24FCC515-5C3B-4FED-8C31-1F03579599C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2643F19F-508D-4493-AE7F-527BD0995FDE}" = protocol=6 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.exe | "{29D908B5-BB50-4755-B5C1-B495EAAE89F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D821329-A03C-4E92-AAF4-4BB6FD9B54F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{3020604B-00A4-4044-AA27-AFE07898B982}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{31388D8D-9F5D-46AB-AA46-90EF20A231BA}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x64\msvsmon.exe | "{317D20A9-5CC1-4649-A664-972E2211F953}" = protocol=17 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.exe | "{32768947-1A18-4338-AEAA-BD7BC142BF28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33869DD6-E858-464B-B007-F6447E8ACBF6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{33F5EE22-9613-4133-BE2E-C2D73FD4B3DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3427A5E6-FCFC-42A0-85C0-552590252DE3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{375696BB-BF1F-4386-B419-A568AABF0452}" = dir=out | app=%programfiles% (x86)\google\drive\googledrivesync.exe | "{3A7ED122-3F16-4AC4-9032-741EBFB4D42E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3C2B7AEB-E600-408C-8971-A057820C100B}" = protocol=17 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.dll | "{3D39EC00-850B-495D-803D-5BC2532A6AAD}" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\roaming\rayv\rayv\rayv.dll | "{3E162931-1FB8-4BFB-ACC8-6B3E35CB6E54}" = dir=in | app=%programfiles% (x86)\google\drive\googledrivesync.exe | "{4036B769-0773-4FBE-B25F-E34FD7C81B9E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{413AD817-FDF0-4E6C-9685-3DD70FD9F6CE}" = protocol=6 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.exe | "{41854C3F-C32E-491E-A40E-E25B66FB9521}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{41BFD621-6158-4008-9946-3B517E67669C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{421474B1-29E9-4B7E-A856-C2FF5D83F3CB}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | "{4477AF59-DD1A-4293-BD37-A01D2A8C47FF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\iwan59\counter-strike\hl.exe | "{45F58A38-4B2D-4915-9259-FBA694B5E7AF}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | "{46279DD2-E07A-47BC-AEF6-F6AB821AC93C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{46D2F84B-9ABC-48C5-AE77-4D58067026D0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{481A5B43-1322-4202-A203-2EC1575173DC}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\groove.exe | "{482ADFEE-45FD-459C-83CF-68EB7077C82A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{485FB886-EF8B-4B89-9382-BC4D2EF57AFE}" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\roaming\rayv\rayv\rayv.dll | "{48B61B67-7B15-4639-B7EC-A48C806E7665}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{49D9E2E9-DADA-423D-A63C-841BD1E0D18B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{49F64F88-45D8-460B-BD3C-B16601DAD5AC}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | "{4A2B4215-BAF9-46D5-BCEB-2A32A6C55D77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{4C85465B-BD75-4455-877B-AEE9997C9F82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{4DBE4DA5-C317-4C44-91F9-57ABE4B33B27}" = protocol=6 | dir=in | app=d:\program files (x86)\opera\opera.exe | "{4F246B89-BEDF-4458-93BF-CB67CD7EC8B8}" = protocol=6 | dir=in | app=d:\program files\wolfram research\mathematica player\7.0\mathematicaplayer.exe | "{4FEBCFDB-2741-4A10-B327-C899F6FD8263}" = protocol=6 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "{53C22C26-5837-454D-B475-77F888A35C14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{561F37E7-6314-44C4-AB7C-22D80C69F09A}" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\local\google\google talk plugin\googletalkplugin.exe | "{58285064-4747-4C4F-8251-D48B81734507}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{594FC12A-36DD-47A1-AD2E-8B0FD52BB45C}" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\local\google\google talk plugin\googletalkplugin.exe | "{668DFF9F-B32E-422F-97D7-3A67E0E1C3EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6AB13C58-E22F-4F56-ABEC-91310A0A56E0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6D454658-7C50-4D8B-8772-6487988D0E91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6E2E8E89-F640-4A4D-AB5A-DF0523A8CB04}" = protocol=6 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.dll | "{6E58E4F4-3875-44E7-9F79-A98D1AB72CF2}" = protocol=17 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "{6F69E10B-1F36-4567-8983-CF6491D13EF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{74F6DAEB-4570-4CE1-AB6A-F79224D0A71E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{74FC97EA-EB0E-4D22-9416-1F74894DB1B1}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x64\msvsmon.exe | "{7A43F96F-B48F-49DE-B9DA-C1A9B05A88AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{7A740D87-E210-4B8C-9DBC-68F9067F5C24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C11090B-C209-4B9A-8A67-98C2AB0F6DBB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7EF7C1F3-48F2-43D7-84F4-80F16A6FF52A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{80370229-F616-400E-A660-C53DB240205F}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | "{848E6294-5695-43C7-A929-E4F634DD33FB}" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\local\google\google talk plugin\googletalkplugin.exe | "{84FD8851-656D-4B27-B73C-A8A3ABD165D4}" = protocol=6 | dir=out | app=system | "{851747B4-C114-4236-B8B1-87DC0D07EBB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{87CB48B7-B365-4B16-A9A0-61AA560BDDE4}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | "{883A23AA-950B-45B9-9D12-D9C7CA0DB0BF}" = dir=in | app=c:\users\mateusz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{8DFDEAD0-D8B4-43DE-B517-1D8A7924C9D4}" = protocol=17 | dir=in | app=d:\program files\wolfram research\mathematica player\7.0\mathematicaplayer.exe | "{8EBB4FBF-C8BB-4220-851D-589E0CBAFB74}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\iwan59\counter-strike\hl.exe | "{8EF99A91-2C97-4D99-9224-25167687681F}" = protocol=6 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.dll | "{90286DFC-20F0-4B58-ADC4-C18D67F55533}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{940F6641-4CC4-4864-8637-FE3C461126F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{96D2B3D6-1DBE-40A6-8B6D-266D04C4B647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9C755218-A7D7-4CE8-A9BC-E43552DFE77D}" = protocol=6 | dir=in | app=d:\gry\capcom\street fighter x tekken\sftk.exe | "{9E9BFA6C-2458-448E-ABD7-D116B9A6F4EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FD20465-7DBD-4B79-AFF1-9D4EB0A3C409}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A27EE2CE-1443-42F1-9772-ACB1E2DB0346}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{A2E6A058-11B2-4CEB-A793-0179B3F828D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A427013F-A4EA-443B-A6F3-E480A4810433}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A5195FFE-2986-4F7F-982F-F6E174D641A8}" = protocol=17 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.exe | "{A5E88ADA-F4B4-4C38-A38F-4EB92052D51D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{A5E8B03F-622B-4E09-9E17-6726F34924CD}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | "{A88D112B-2F03-43C0-A30C-A0B823DECDCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AC25EC12-BFDB-4AEC-989C-2E0EB4A43649}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ACB87E43-5A9E-4117-A0DA-A44017C5272A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AF108486-12A1-4EF7-9108-CFF4761522D3}" = protocol=6 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "{AF562B66-82EA-4DC5-84A9-996ED8E5F1D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{B16F11EC-5F4C-427B-9920-B3144874B0A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B23D93C9-0532-4246-8706-FD488A697D27}" = protocol=17 | dir=in | app=d:\program files (x86)\rayv\rayv\rayv.dll | "{B3A4DDDA-2D2B-4165-93A3-DE4A6849DBF4}" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe | "{B4063CBA-9A51-4CAD-BBE0-2A219EA5FF22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{B462C545-9D41-4887-BB6A-613950573BF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{B5278341-837E-4E25-B78D-23FD1CCCE9AE}" = protocol=17 | dir=in | app=d:\program files (x86)\opera\opera.exe | "{B7CEE0A2-FFB8-4859-98F2-9BC40DC06B7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B84CB871-4D79-43B6-B2AB-196601CCA7EA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BC69EC50-D2E8-45A6-9925-C4C3DC8713FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{BCA8918B-DC30-4EB4-B195-CE78CE84FBC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BCC9D39F-BDDD-4AF1-958B-C6DBA93F8408}" = dir=in | app=d:\program files (x86)\skype\phone\skype.exe | "{C009503F-9B92-400C-9E0B-AB2CF1267482}" = protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{C3600810-8B1D-497F-B7D5-62C21AE2FF0E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\iwan59\counter-strike\hl.exe | "{C49378D6-6ACD-4F5B-984F-70C8DEC65E16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{C91258C7-ECAB-4D6F-8AD5-18A342380891}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{C9985650-B5EF-4D90-868A-418E01193C45}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD697ECE-8099-4996-BA20-704533D8C790}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\groove.exe | "{CFD5C6A8-2AE3-472B-87D9-7BE72782F15B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D0169822-4145-4A17-B7BD-5329C0F54686}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D28DD072-BD76-47E6-804D-D0BF8AC4308B}" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\roaming\rayv\rayv\rayv.dll | "{D5DE29D4-2B59-467B-AD9E-D2D87D116470}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | "{D6493FC4-A835-4811-9EF5-41093A7FE6EC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D6AF12C3-D7C1-4C91-AA93-58CF7514F5F8}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | "{D8AF4B6D-C1A4-4056-B224-7146B1743601}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{DA8FAD97-7F22-49BC-BEF9-3226A055C534}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DCA4B643-3B9F-42B2-BC2E-BA3AA783A826}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E0CBFE69-E009-49D2-A453-CFFA0C39C15C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{E1FDC629-EB7E-475D-B6A3-BC4BA43A5000}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E415BDA0-DE47-49D0-B449-553BE7611E12}" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\roaming\rayv\rayv\rayv.dll | "{E46ED970-1890-46A4-97FD-5A48BDE59B02}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E6758363-BA02-456D-A4D7-09B105CC1847}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E75644EC-1F79-41FA-B354-85D32DFAE808}" = protocol=17 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "{E81D37F4-D954-475A-BDEC-A46A9C51A70A}" = protocol=17 | dir=in | app=d:\gry\capcom\street fighter x tekken\sftk.exe | "{EA84EC3D-5C61-43F7-B51D-4F251880BDA1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{ECD22AD1-03D3-4BA3-A438-BBCA8ACB17E5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EEF57BF3-6795-4AB2-8072-B548A822A38A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{F1F77E74-1ED6-4D45-8BC8-7B4EDB62F5F4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F5A34FEB-4E97-4A11-85F4-6ADF7A4CDA4C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F5EE948D-650E-4CF1-9313-6B9C7F20F648}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F732DBE6-C82B-450D-884F-E8633438C089}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{FD3DB750-F00B-4707-B0D0-6E7F8B47CEEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FFD0DB54-B93D-492B-A002-B68D981646D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "TCP Query User{02DBBEC8-7FC3-4550-9E4C-9899622075C5}D:\gry\ubisoft\call of juarez the cartel\coj_thecartel.exe" = protocol=6 | dir=in | app=d:\gry\ubisoft\call of juarez the cartel\coj_thecartel.exe | "TCP Query User{0DF7519C-A3F9-41DE-851F-D9178BB64991}D:\gry\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=d:\gry\thq\saints row the third\saintsrowthethird_dx11.exe | "TCP Query User{19B30FD1-AA0E-4DFC-BDD6-58CAEFD1623C}D:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\winamp\winamp.exe | "TCP Query User{2F87A132-9975-4AFE-A733-C3B6802D3F4E}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{44EC61DE-53F7-4BB4-88B6-152CFDB7A578}D:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{49EA7322-8E8E-4B4B-9943-678347460B86}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{4D2D4AAC-E58F-4F25-A55D-80338E5A0C99}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{4E767F8B-BB24-482E-8F02-C583C1241C18}D:\gry\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\gry\valve\portal 2\portal2.exe | "TCP Query User{4F065B6F-283A-47B7-9A55-1753EF16EBCD}D:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | "TCP Query User{53E4CB97-C4EF-4524-8ABE-933D1EC67CAB}D:\gry\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\gry\dead island\deadislandgame.exe | "TCP Query User{6200B99E-0D0C-4378-AA16-BE0CBF1C075A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{761AB45D-DC7F-4C33-96C5-203C212B48FE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{7C3307D5-207D-421B-B941-9B8D757D4BFD}D:\gry\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\gry\wb games\f.e.a.r. 3\f.e.a.r. 3.exe | "TCP Query User{7E7E6E73-F7CA-46EE-B95B-CC79ADF0ADDD}C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{AF31205B-2B89-4E95-A87A-EFAD130D201D}D:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{B23FCFCD-E065-4B88-A0BE-3DF891BB9E3F}D:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=d:\program files (x86)\opera\opera.exe | "TCP Query User{D1B20F13-CCDF-4221-95BE-0F45984EF67A}D:\gry\konami\pro evolution soccer 2014\pes2014.exe" = protocol=6 | dir=in | app=d:\gry\konami\pro evolution soccer 2014\pes2014.exe | "TCP Query User{DA3E6771-49B7-4DAD-9B3B-B89256A28BD8}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{F17F2943-6BDB-46C0-B242-917FE8A56C06}D:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{F9DEB60C-3D9A-497B-BFD0-227683C88E9E}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{06A0A096-798E-4D4A-A710-FA8241A82D8F}D:\gry\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=d:\gry\thq\saints row the third\saintsrowthethird_dx11.exe | "UDP Query User{11985F8E-9B1B-4C72-A64F-53C5765135EA}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{1716F5B2-5BA8-4447-9F87-94B713402C2F}D:\gry\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\gry\wb games\f.e.a.r. 3\f.e.a.r. 3.exe | "UDP Query User{242C0A52-A35B-499C-9DE2-5BEFFCA3A79C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{38BF1B02-5B74-4D54-B01C-259B85CB97F2}D:\gry\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\gry\valve\portal 2\portal2.exe | "UDP Query User{3998AF67-B65B-42DE-AE70-B1E8CEEA85E3}D:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\winamp\winamp.exe | "UDP Query User{45D28EAE-AA4D-4A07-9F4A-21CA9EF4B531}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{51106256-08CD-4DC1-8EB8-3D4A35F541E3}D:\gry\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\gry\dead island\deadislandgame.exe | "UDP Query User{55118728-BC6A-418B-B3C2-13ACAD036C5D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{8069ACE2-42F1-48F2-A60A-FEFC5E00B753}D:\gry\konami\pro evolution soccer 2014\pes2014.exe" = protocol=17 | dir=in | app=d:\gry\konami\pro evolution soccer 2014\pes2014.exe | "UDP Query User{84C3D489-4599-4A28-A738-47F6E784F598}D:\gry\ubisoft\call of juarez the cartel\coj_thecartel.exe" = protocol=17 | dir=in | app=d:\gry\ubisoft\call of juarez the cartel\coj_thecartel.exe | "UDP Query User{85347E43-02E3-4276-A52A-F42AB2EB34F0}D:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{88FF1A53-A304-4ADA-B460-CAB9277877AB}D:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=d:\program files (x86)\opera\opera.exe | "UDP Query User{A1886E44-A52C-48C2-AE31-987DF73714CD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{AD1FFF58-5AD1-4474-B080-CFBD5461F123}D:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre7\bin\javaw.exe | "UDP Query User{C9B03E11-45B9-4140-A537-85F139B586D0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{CB5AE648-5553-4583-A565-8CD11C367384}C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CD527402-2A78-49C5-9811-87AA2B111CC1}D:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{DE01A116-9118-4283-B3BF-14A92963CE6E}D:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{E97E5EE1-0C16-4C42-878C-4202E1D0A353}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile "{6397820D-9FC6-774C-1EF5-CBA09049E426}" = AMD Fuel "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit) "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1" = Adobe Reader 64-bit fixes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9C94B992-B310-4183-854A-CFB7DA90F1D1}" = Windows 7 Manager "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PL-PL Language Pack "{DE469D65-1DEB-4058-BF95-C642D733668D}_is1" = Office Tab FreeEdition 9.20 "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.22 "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.6.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "M-WIN-D 7.0.1 1223367_is1" = Mathematica Player (M-WIN-D 7.0.1 1223367) "WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5 "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0EC02B5F-D049-5E91-5966-C0BC4C732B45}" = CCC Help Spanish "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch "{148971EC-8755-A666-D384-8F2E9E8B0DC8}" = Application Profiles "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{207DA277-6A6D-4863-B535-129931D2BB21}" = Galeria fotografii "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack "{2F2363F9-102C-448B-8E3E-02FCFE78A28D}" = Movie Maker "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3E0DCC65-1931-EAB3-7687-3788469B385A}" = CCC Help Japanese "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian "{46BC55A2-B4CE-46B5-8303-A2076B899505}" = Windows Live UX Platform Language Pack "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Obsługa programów Apple "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4F191CC0-F04F-D5B6-8BD2-968A8C2EB3AD}" = CCC Help French "{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian "{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials "{5EFD3544-2371-4900-8ACA-F157BA80FB0C}" = Pro Evolution Soccer 2014 "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE "{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7B9B4675-5C1B-257A-BAFE-04E37AAC7100}" = CCC Help Finnish "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger "{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{877B4763-B62C-92E8-D841-40B2A8D3381F}" = CCC Help Dutch "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00B2-0415-0000-0000000FF1CE}" = Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0054-0415-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese "{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DEC9DE4-67F5-42A6-8FEA-7ED2F8888F29}_is1" = Multiupload Batch Uploader 1.0 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A5132733-04B1-E373-2FF4-A374AC8963D1}" = CCC Help English "{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker "{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer "{B7EC0338-EAE9-ABEA-D202-95025E66CC8C}" = HydraVision "{B810D852-DFD6-NFSMW-89A5-CC4D47756DAF}_is1" = Need for Speed Most Wanted version 5.1 "{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C33B045C-BA6F-2754-F63F-FA4A9559CAD1}" = CCC Help Italian "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish "{D9B5FC5B-815A-4EE9-B7BF-08165F2A6A36}_is1" = BIOS Code Unlocked Technology "{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common "{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0EF0281-14C6-0D96-C49A-45A9F21206DE}" = CCC Help Chinese Traditional "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform "{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common "{E8D4EE56-DF37-C9C8-C623-8D5C0DC02CE9}" = CCC Help Swedish "{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish "{EA5A6416-454B-D123-A499-A5A75B8425D5}" = CCC Help Chinese Standard "{EBAB9C68-13BF-357B-BCB3-0FF25A696FB6}" = CCC Help Danish "{ED58903E-F2C1-9CB4-C83F-CA7E9D8E87FD}" = CCC Help Norwegian "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F8170627-908C-AD35-A6B0-3873E31F4FA4}" = CCC Help German "{FA12037C-B6FA-4825-86BC-D58AA6A9CC24}" = Podstawowe programy Windows Live "{FBA73805-0F67-428B-8E4F-FAE16A452685}" = Photo Common "{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Call of Juarez The Cartel_is1" = Call of Juarez The Cartel "ClassicPro" = ClassicPro© v1.15 "DFX for Winamp" = DFX for Winamp "DivX Setup" = DivX Setup "Duke Nukem Forever_is1" = Duke Nukem Forever "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "F.E.A.R. 3_is1" = F.E.A.R. 3 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "GetDiz 4.5" = GetDiz 4.5 "Google Chrome" = Google Chrome "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "LastFM_is1" = Last.fm Scrobbler 2.1.36 "LiveVDO plugin" = LiveVDO plugin 1.3 "LOGO!Soft Comfort V7.0 " = LOGO!Soft Comfort V7.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300 "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU "Mozilla Firefox 24.0 (x86 pl)" = Mozilla Firefox 24.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "nLite_is1" = nLite 1.4.9.1 "Notepad++" = Notepad++ "Office14.VISIOR" = Microsoft Visio Professional 2010 "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "OpenAL" = OpenAL "Opera 11.52.1100" = Opera 11.52 "OverclockingCenter_is1" = OverclockingCenter "Picasa 3" = Picasa 3 "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "QuickSFV" = QuickSFV (Remove only) "RayV" = PL-IPTV "Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1" = Football Manager 2014 "Rockstar Games Social Club" = Rockstar Games Social Club "Saints Row The Third_is1" = Saints Row The Third "SopCast" = SopCast 3.5.0 "SpeedFan" = SpeedFan (remove only) "Splashtop Software Updater" = Splashtop Software Updater "ST6UNST #1" = OPT Design Assistant "Steam App 10" = Counter-Strike "The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1 "Tombraider_is1" = Tombraider "Total Video Converter 3.11_is1" = Total Video Converter 3.11 "Totalcmd" = Total Commander (Remove or Repair) "UltraISO_is1" = UltraISO Premium V9.36 "uTorrent" = µTorrent "Veetle TV" = Veetle TV "VGhlIFdhbGtpbmcgRGVhZCBTdXJ2aXZhbCBJbnN0aW5jdCAo~1255DFC2_is1" = The Walking Dead Survival Instinct (c) Activision version 1 "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4117203865-960949127-2198854606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BankBrowser" = BankBrowser "CodeBlocks" = CodeBlocks "Dropbox" = Dropbox "Winamp Detect" = Detektor Winampa ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2014-01-12 12:20:31 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 998 Error - 2014-01-12 12:20:32 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2014-01-12 12:20:32 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3572 Error - 2014-01-12 12:20:32 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3572 Error - 2014-01-12 12:20:33 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2014-01-12 12:20:33 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4586 Error - 2014-01-12 12:20:33 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4586 Error - 2014-01-12 12:20:34 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 2014-01-12 12:20:34 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5585 Error - 2014-01-12 12:20:34 | Computer Name = PIERDOLNIK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5585 [ Media Center Events ] Error - 2012-12-25 07:58:10 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 538 Description = Error - 2012-12-25 08:10:18 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 538 Description = Error - 2013-01-02 14:20:18 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-02 14:20:36 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-02 14:23:08 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-02 14:24:34 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-02 14:25:20 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-02 14:27:02 | Computer Name = PIERDOLNIK | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 2013-01-22 12:08:02 | Computer Name = PIERDOLNIK | Source = MCUpdate | ID = 0 Description = 17:08:02 - Błąd podczas nawiązywania połączenia z Internetem. 17:08:02 - Nie można skontaktować się z serwerem.. Error - 2013-01-22 12:09:14 | Computer Name = PIERDOLNIK | Source = MCUpdate | ID = 0 Description = 17:08:51 - Nie można pobrać pakietu MCEClientUX (Błąd: Nie można połączyć się z serwerem zdalnym) [ OSession Events ] Error - 2011-05-29 18:11:27 | Computer Name = PIERDOLNIK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 2013-03-17 14:15:40 | Computer Name = PIERDOLNIK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 162582 seconds with 10500 seconds of active time. This session ended with a crash. [ System Events ] Error - 2014-01-12 11:36:03 | Computer Name = PIERDOLNIK | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk3\DR3. Error - 2014-01-12 11:36:06 | Computer Name = PIERDOLNIK | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk4\DR4. Error - 2014-01-12 11:36:18 | Computer Name = PIERDOLNIK | Source = Service Control Manager | ID = 7011 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi ShellHWDetection. Error - 2014-01-12 11:36:34 | Computer Name = PIERDOLNIK | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR5. Error - 2014-01-12 15:33:53 | Computer Name = PIERDOLNIK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi AODDriver4.2 z powodu następującego błędu: %%2 Error - 2014-01-12 15:34:20 | Computer Name = PIERDOLNIK | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\aspi32.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2014-01-12 15:34:20 | Computer Name = PIERDOLNIK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Aspi32 z powodu następującego błędu: %%1275 Error - 2014-01-13 02:42:30 | Computer Name = PIERDOLNIK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi AODDriver4.2 z powodu następującego błędu: %%2 Error - 2014-01-13 02:42:31 | Computer Name = PIERDOLNIK | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\aspi32.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2014-01-13 02:42:31 | Computer Name = PIERDOLNIK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Aspi32 z powodu następującego błędu: %%1275 < End of report > [/log] GMER - GMER.log [log] GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-13 08:40:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB Running: gmer.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwtcyaob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031a9000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800031a9011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2036] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2036] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074001a22 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074001ad0 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074001b08 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074001bba 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074001bda 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074001a22 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074001ad0 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074001b08 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074001bba 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074001bda 2 bytes [00, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe[3144] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe[3144] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text D:\Program Files (x86)\SpeedFan\speedfan.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text D:\Program Files (x86)\SpeedFan\speedfan.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4824:4320] 000007fefbf32a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4824:4360] 000007feebb84830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4824:2876] 000007feebb09d90 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4824:3720] 000007feebb84830 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice@Progid Winamp.File.669 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice@Progid VLC.a52 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice@Progid Winamp.File.amf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice@Progid VLC.amv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice@Progid VLC.aob Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice@Progid VLC.ape Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice@Progid Winamp.File.avr Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice@Progid Winamp.PlayList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice@Progid Winamp.File.caf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice@Progid Winamp.File.CDA Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice@Progid VLC.dv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice@Progid Winamp.File.far Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice@Progid VLC.gxf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice@Progid KLCP64.WMP.hdmov Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice@Progid Winamp.File.htk Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice@Progid Winamp.File.iff Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice@Progid Winamp.File.it Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice@Progid Winamp.File.itz Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice@Progid Winamp.File.KAR Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice@Progid Winamp.File.mdz Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice@Progid Winamp.File.MIZ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice@Progid VLC.mlp Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice@Progid Winamp.File.MP1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice@Progid VLC.mpc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice@Progid VLC.mpeg1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice@Progid VLC.mpeg2 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice@Progid VLC.mpeg4 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice@Progid KLCP64.WMP.mpls Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice@Progid KLCP64.WMP.mpv4 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice@Progid Winamp.File.mtm Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice@Progid VLC.mxf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice@Progid Winamp.File.NSA Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice@Progid Winamp.File.nst Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice@Progid VLC.nsv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice@Progid VLC.nuv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice@Progid VLC.ogx Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice@Progid Winamp.File.okt Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice@Progid VLC.oma Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice@Progid Winamp.File.paf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice@Progid Winamp.File.ptm Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice@Progid Winamp.File.pvf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice@Progid KLCP64.WMP.ra Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice@Progid VLC.ram Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice@Progid VLC.rec Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice@Progid Winamp.File.rf64 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice@Progid Winamp.File.s3m Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice@Progid Winamp.File.s3z Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice@Progid Winamp.File.sd2 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice@Progid VLC.sdp Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice@Progid Winamp.File.sds Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice@Progid Winamp.File.sf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice@Progid Winamp.File.stm Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice@Progid Winamp.File.stz Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice@Progid VLC.tod Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice@Progid VLC.tta Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice@Progid Winamp.File.ult Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice@Progid Winamp.File.VLB Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice@Progid VLC.vlc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice@Progid Winamp.File.voc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice@Progid VLC.vqf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice@Progid VLC.vro Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice@Progid Winamp.File.w64 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice@Progid WMP11.AssocFile.WMD Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice@Progid WMP11.AssocFile.WMS Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice@Progid WMP11.AssocFile.WMZ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice@Progid VLC.wv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice@Progid Winamp.File.wve Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice@Progid VLC.xa Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice@Progid ChromeHTML Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice@Progid ChromeHTML Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice@Progid Winamp.File.xi Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice@Progid Winamp.File.xm Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice@Progid Winamp.File.xmz Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice@Progid VLC.xspf ---- EOF - GMER 2.1 ---- [/log] [b] RSIT - Info.txt [/b] [log] info.txt logfile of random's system information tool 1.09 2014-01-13 08:40:58 ======Uninstall list====== (XP mode application)4nec2 (XP mode application)4nec2 help (XP mode application)4nec2 on the Web (XP mode application)Adobe Reader 6.0 CE (XP mode application)Build (XP mode application)Build help (XP mode application)ChomikBox (XP mode application)Getting Started (XP mode application)Informacje dodatkowe (XP mode application)Odinstaluj ChomikBox (XP mode application)Pobierz sterownik (XP mode application)Read Me first (XP mode application)Uninstall 4nec2 (XP mode application)View (XP mode application)View help -->C:\Program Files (x86)\InstallShield Installation Information\{43430FA5-AF68-4A2D-A7D4-891000008200}\setup.exe µTorrent-->"D:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL 64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F} Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D} Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -maintain plugin Adobe Reader 64-bit fixes-->"C:\Program Files (x86)\Adobe Reader 64-bit fixes\unins000.exe" Adobe Reader X (10.1.8)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" AMD Accelerated Video Transcoding-->MsiExec.exe /X{003B37AE-21F5-5BC5-F5EB-CD60A8928696} AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441} AMD Catalyst Install Manager-->msiexec /q/x{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC} REBOOT=ReallySuppress Apple Mobile Device Support-->MsiExec.exe /I{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C} Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66} Application Profiles-->MsiExec.exe /X{148971EC-8755-A666-D384-8F2E9E8B0DC8} Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging BIOS Code Unlocked Technology-->"d:\Program Files (x86)\MSI\BIOS Code Unlocked Technology\unins000.exe" Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} Call of Juarez The Cartel-->"D:\Gry\Ubisoft\Call of Juarez The Cartel\unins000.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1} CCleaner-->"d:\Program Files\CCleaner\uninst.exe" Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników-->MsiExec.exe /X{92DBCA36-9B41-4DD1-941A-AED149DD37F0} Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B} Chinese Traditional Fonts Support For Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-A00000000003} ClassicPro© v1.15-->"d:\Program Files (x86)\Winamp\Uninstall ClassicPro.exe" Counter-Strike-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10 CPUID HWMonitor 1.22-->"d:\Program Files\CPUID\HWMonitor\unins000.exe" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{81FB7C60-565A-4869-9D90-3BE1D270E8B7}" "1045" "0" DFX for Winamp-->D:\Program Files (x86)\DFX\uninstall_Winamp.exe DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-0415-0000-0000000FF1CE} Duke Nukem Forever-->"D:\Gry\2K Games\Duke Nukem Forever\unins000.exe" EASEUS Partition Master 8.0.1 Home Edition-->"D:\Program Files (x86)\EASEUS\EASEUS Partition Master 8.0.1 Home Edition\unins000.exe" F.E.A.R. 3-->"D:\Gry\WB Games\F.E.A.R. 3\unins000.exe" Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E} Football Manager 2014-->"D:\GRY\Football Manager 2014\unins000.exe" Free PDF to Word Doc Converter v1.1-->"D:\Program Files (x86)\Free PDF to Word Doc Converter\unins000.exe" Galeria fotografii-->MsiExec.exe /X{207DA277-6A6D-4863-B535-129931D2BB21} GetDiz 4.5-->D:\PROGRA~2\GetDiz\UNINST~1\UNWISE.EXE D:\PROGRA~2\GetDiz\UNINST~1\install.log Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Drive-->MsiExec.exe /X{56D4499E-AC3E-4B8D-91C9-C700C148C44B} Google Earth-->MsiExec.exe /X{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E} Google Talk Plugin-->MsiExec.exe /I{2A83AD05-56E6-3FBD-8752-B4143162EF59} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B6E073B9-F238-379A-AA45-D323CD308DAE} /parameterfolder Client HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4} HydraVision-->MsiExec.exe /X{B7EC0338-EAE9-ABEA-D202-95025E66CC8C} IrfanView (remove only)-->D:\Program Files (x86)\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{A535111D-95C8-487F-869E-CE4C239972D2} Java 7 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF} Java(TM) 7 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417000FF} Java(TM) SE Development Kit 7 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170000} JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10} JDownloader 0.9-->d:\Program Files (x86)\JDownloader\JDUninstall.exe K-Lite Codec Pack (64-bit) v4.6.0-->"D:\Program Files\KLCP64\unins000.exe" L.A. Noire-->"C:\Program Files (x86)\InstallShield Installation Information\{915726DF-7891-444A-AA03-0DF1D64F561A}\setup.exe" -runfromtemp -l0x0809 -removeonly Last.fm Scrobbler 2.1.36-->"d:\Program Files (x86)\Last.fm\UninsHs.exe" /u0=LastFM Live Update 5-->"D:\Program Files (x86)\MSI\Live Update 5\unins000.exe" LiveVDO plugin 1.3-->C:\Program Files (x86)\StartSearch plugin\uninst.exe Lizardtech DjVu Control-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x15 LOGO!Soft Comfort V7.0 -->"d:\Program Files (x86)\Siemens\LOGOComfort_V7\UninstallerData\Uninstall.exe" Malwarebytes Anti-Malware wersja 1.75.0.1300-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mathematica Player (M-WIN-D 7.0.1 1223367)-->"d:\Program Files\Wolfram Research\Mathematica Player\7.0\SystemFiles\UninstallFiles\Windows\unins000.exe" Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{A49402DD-2781-3782-B0CF-52BDA349E3F3} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe /X{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7} Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2} Microsoft Antimalware Service PL-PL Language Pack-->MsiExec.exe /X{43592B2E-C393-433F-8D0E-5A4B15A8C786} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF} Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C} Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE} Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2010-->MsiExec.exe /X{90140000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2010-->MsiExec.exe /X{90140000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared 64-bit MUI (Polish) 2007-->MsiExec.exe /X{90120000-002A-0415-1000-0000000FF1CE} Microsoft Office Shared 64-bit MUI (Polish) 2010-->MsiExec.exe /X{90140000-002A-0415-1000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2010-->MsiExec.exe /X{90140000-006E-0415-0000-0000000FF1CE} Microsoft Office Visio 2010-->MsiExec.exe /X{91140000-0057-0000-0000-0000000FF1CE} Microsoft Office Visio MUI (Polish) 2010-->MsiExec.exe /X{90140000-0054-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3} Microsoft Security Client PL-PL Language Pack-->MsiExec.exe /I{DC911ADF-7B60-40F2-A112-FB1EB6402D07} Microsoft Security Client-->MsiExec.exe /X{E102B843-786A-4F58-AF75-6504570E207B} Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework 2.0 Core Components (x64) ENU -->MsiExec.exe /I{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A} Microsoft Sync Framework 2.0 Provider Services (x64) ENU -->MsiExec.exe /I{03AC245F-4C64-425C-89CF-7783C1D3AB2C} Microsoft Visio Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall VISIOR /dll OSETUP.DLL Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)-->C:\Windows\SysWOW64\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} Microsoft Visual C++ 2005 Express Edition - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe Microsoft Visual C++ 2005 Express Edition - ENU-->MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU\install.exe Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{D9C50188-12D5-4D3E-8F00-682346C2AA5F} Movie Maker-->MsiExec.exe /X{2F2363F9-102C-448B-8E3E-02FCFE78A28D} Movie Maker-->MsiExec.exe /X{45898170-E68C-4F02-AA35-C2186BF347A3} Movie Maker-->MsiExec.exe /X{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1} Mozilla Firefox 24.0 (x86 pl)-->"D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77} MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Multiupload Batch Uploader 1.0-->"D:\Program Files (x86)\Multiupload Batch Uploader\unins000.exe" NapiProjekt 1.0.6.9-->"D:\Program Files (x86)\NAPI-PROJEKT\unins000.exe" Need for Speed Most Wanted version 5.1-->"D:\GRY\Need for Speed Most Wanted\unins000.exe" Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604} Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7} Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE} Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6} Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB} Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345} Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00} Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517} Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38} Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A} Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8} Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC} Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C} Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97} Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98} Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7} Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E} Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953} Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272} Nero MediaHub 10-->MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5} Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD} Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF} Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807} Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7} Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023} Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5} Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2} Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702} Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65} Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27} Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E} Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE} Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230} nLite 1.4.9.1-->"D:\Program Files (x86)\nLite\unins000.exe" Notepad++-->D:\Program Files (x86)\Notepad++\uninstall.exe Obsługa programów Apple-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D} Office Tab FreeEdition 9.20-->"D:\Program Files\Detong\Office Tab\unins000.exe" OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U Opera 11.52-->"D:\Program Files (x86)\Opera\Opera.exe" /uninstall OPT Design Assistant-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\OPT Design Assistant\ST6UNST.LOG" OverclockingCenter-->"d:\Program Files (x86)\MSI\OverclockingCenter\unins000.exe" Panda USB Vaccine 1.0.1.4-->"d:\Program Files (x86)\Panda USB Vaccine\unins000.exe" PDFCreator-->d:\Program Files (x86)\PDFCreator\unins000.exe Photo Common-->MsiExec.exe /X{DD7C5FC1-DCA5-487A-AF23-658B1C00243F} Photo Gallery-->MsiExec.exe /X{0F929651-F516-4956-90F2-FFBD2CD5D30E} Photo Gallery-->MsiExec.exe /X{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB} Picasa 3-->"d:\Program Files (x86)\Google\Picasa3\Uninstall.exe" PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} PL-IPTV-->d:\Program Files (x86)\RayV\RayV\uninstall.exe Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ClientLP Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ExtendedLP Portal 2-->"D:\GRY\Valve\Portal 2\unins000.exe" Pro Evolution Soccer 2013-->MsiExec.exe /X{C2523AE6-F335-4D0B-BC15-1C07E4ACE629} Pro Evolution Soccer 2014-->MsiExec.exe /X{5EFD3544-2371-4900-8ACA-F157BA80FB0C} PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u QuickSFV (Remove only)-->d:\Program Files (x86)\QuickSFV\QSFVUNST.EXE d:\Program Files (x86)\QuickSFV\ QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe" Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Rockstar Games Social Club-->C:\Program Files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe Saints Row The Third-->"D:\GRY\THQ\Saints Row The Third\unins000.exe" Samsung Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A} SAMSUNG USB Driver for Mobile Phones-->D:\Program Files (x86)\SAMSUNG\USB Drivers\Uninstall.exe Secure Download Manager-->MsiExec.exe /I{C28422FB-F2CD-427A-ADED-9F281745CDB2} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Extended Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1045" "0" Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1045" "0" Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{EEB4DDD0-08EA-4787-BDAB-D38D67A35CD5}" "1045" "0" Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1045" "0" Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{01F2485C-FAEE-47E7-986E-B4F2FFC22D57}" "1045" "0" Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1045" "0" Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{5977D203-9F8B-4D14-9C1A-F67A52EDD183}" "1045" "0" Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB2251481)-->C:\Windows\SysWOW64\msiexec.exe /promptrestart /uninstall {23036C23-ECDE-47F5-A908-BEC94EE0456F} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB2538218)-->C:\Windows\SysWOW64\msiexec.exe /promptrestart /uninstall {01FF51E9-C771-4CD3-AD62-C9FB5AEF55A5} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} Security Update for Office 2007 (KB934062)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP Security Update for Publisher 2007 (KB936646)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} Snagit 10.0.1-->MsiExec.exe /I{22FC7536-BE5C-4E88-8069-C24689D34EC5} SopCast 3.5.0-->d:\Program Files (x86)\SopCast\uninst.exe SpeedFan (remove only)-->"d:\Program Files (x86)\SpeedFan\uninstall.exe" Splashtop Software Updater-->"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe" Splashtop Streamer-->MsiExec.exe /X{B7C5EA94-B96A-41F5-BE95-25D78B486678} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Street Fighter X Tekken-->"C:\Program Files (x86)\InstallShield Installation Information\{43430FA5-AF68-4A2D-A7D4-891000008200}\setup.exe" -runfromtemp -l0x0415 -removeonly Super-Charger-->"C:\Program Files (x86)\MSI\Super-Charger\unins000.exe" SyncToy 2.1 (x64)-->MsiExec.exe /I{88DAAF05-5A72-46D2-A7C5-C3759697E943} System Requirements Lab CYRI-->MsiExec.exe /I{943A8D28-80D6-41DC-AE94-81FEB42041BF} The Walking Dead (c) 3 version 1-->"D:\GRY\The Walking Dead\unins000.exe" The Walking Dead Survival Instinct (c) Activision version 1-->"D:\Gry\The Walking Dead Survival Instinct\unins000.exe" Tombraider-->"D:\GRY\SQUARE ENIX\Tombraider\unins000.exe" Total Commander (Remove or Repair)-->d:\totalcmd\tcuninst.exe Total Video Converter 3.11-->"d:\Program Files (x86)\Total Video Converter\unins000.exe" UltraISO Premium V9.36-->"d:\Program Files (x86)\UltraISO\unins000.exe" Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Extended Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2} Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1045" "0" Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1045" "0" Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1045" "0" Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1045" "0" Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}" "1045" "0" Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0415-0000-0000000FF1CE}" "{5BE77AA9-4062-45E8-96F1-EA6EC16C1EE4}" "1045" "0" Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{28FAC187-7C0E-413A-B90A-76F19D0FBF30}" "1045" "0" Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1045" "0" Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1045" "0" Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{007CC0F3-15DE-426D-95B5-B019FCEF58CE}" "1045" "0" Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0057-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1045" "0" Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {128A5449-CF71-4DA4-A746-F49E3B5DB584} Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1045" "0" Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB932232)-->C:\Windows\SysWOW64\msiexec.exe /promptrestart /uninstall {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5} Update for Office 2007 (KB932080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Outlook 2007 (KB937608)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} Veetle TV-->d:\Program Files (x86)\Veetle\UninstallVeetleTV.exe VLC media player 1.1.9-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Winamp-->"d:\Program Files (x86)\Winamp\UninstWA.exe" Windows 7 Manager-->MsiExec.exe /I{9C94B992-B310-4183-854A-CFB7DA90F1D1} Windows Live Communications Platform-->MsiExec.exe /I{03D562B5-C4E2-4846-A920-33178788BE00} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{5E094C92-6288-4F43-AA9A-D452D0218F3F} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{CE52672C-A0E9-4450-8875-88A221D5CD50} Windows Live Installer-->MsiExec.exe /I{5A0EE0F0-E909-4F3B-B437-AAD9252427CB} Windows Live Photo Common-->MsiExec.exe /X{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7} Windows Live PIMT Platform-->MsiExec.exe /I{E3445598-4424-4EE2-B71C-C23325F7FB71} Windows Live SOXE Definitions-->MsiExec.exe /I{0FF9CC94-EF23-401E-BDBD-37403D1A2B38} Windows Live SOXE-->MsiExec.exe /I{6B6923B9-8719-425B-916C-CD2908F31AAF} Windows Live UX Platform Language Pack-->MsiExec.exe /I{2AC01935-3774-4981-98C8-14E93C14372C} Windows Live UX Platform Language Pack-->MsiExec.exe /I{46BC55A2-B4CE-46B5-8303-A2076B899505} Windows Live UX Platform-->MsiExec.exe /I{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Mode-->MsiExec.exe /X{1374CC63-B520-4f3f-98E8-E9020BF01CFF} WinRAR 4.01 beta 1 (64-bit)-->D:\Program Files\WinRAR\uninstall.exe Xiph.Org Open Codecs 0.85.17777-->C:\Program Files (x86)\Xiph.Org\Open Codecs\uninst.exe ======Hosts File====== 127.0.0.1 nero.com 127.0.0.1 www.nero.com 127.0.0.1 activate.nero.com 127.0.0.1 www.activate.nero.com 127.0.0.1 nero.de 127.0.0.1 www.nero.de 127.0.0.1 activate.nero.de 127.0.0.1 www.activate.nero.de### 67.211.196.139 ok.ru 67.211.196.139 m.ok.ru ======System event log====== Computer Name: PIERDOLNIK Event Code: 7036 Message: Usługa Instalator Windows weszła w stan zatrzymania. Record Number: 349505 Source Name: Service Control Manager Time Written: 20130225163029.067761-000 Event Type: Informacje User: Computer Name: PIERDOLNIK Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia. Record Number: 349504 Source Name: Service Control Manager Time Written: 20130225162917.553670-000 Event Type: Informacje User: Computer Name: PIERDOLNIK Event Code: 206 Message: Usługa Asystent zgodności programów pomyślnie wykonała inicjowanie fazy drugiej. Record Number: 349503 Source Name: Microsoft-Windows-Application-Experience Time Written: 20130225162829.452955-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: PIERDOLNIK Event Code: 7036 Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan zatrzymania. Record Number: 349502 Source Name: Service Control Manager Time Written: 20130225162750.874088-000 Event Type: Informacje User: Computer Name: PIERDOLNIK Event Code: 7036 Message: Usługa Microsoft .NET Framework NGEN v4.0.30319_X86 weszła w stan zatrzymania. Record Number: 349501 Source Name: Service Control Manager Time Written: 20130225162334.628041-000 Event Type: Informacje User: =====Application event log===== Computer Name: PIERDOLNIK Event Code: 11711 Message: Produkt: Microsoft .NET Framework 4 Client Profile - Błąd 1711. Wystąpił błąd podczas zapisu informacji o instalacji na dysku. Sprawdź, czy na dysku jest dostępna wystarczająca ilość miejsca i kliknij przycisk Ponów próbę lub kliknij przycisk Anuluj, aby zakończyć instalację. Record Number: 317524 Source Name: MsiInstaller Time Written: 20130625063957.000000-000 Event Type: Błędy User: ZARZĄDZANIE NT\SYSTEM Computer Name: PIERDOLNIK Event Code: 11711 Message: Produkt: Microsoft .NET Framework 4 Client Profile - Błąd 1711. Wystąpił błąd podczas zapisu informacji o instalacji na dysku. Sprawdź, czy na dysku jest dostępna wystarczająca ilość miejsca i kliknij przycisk Ponów próbę lub kliknij przycisk Anuluj, aby zakończyć instalację. Record Number: 317523 Source Name: MsiInstaller Time Written: 20130625063957.000000-000 Event Type: Błędy User: ZARZĄDZANIE NT\SYSTEM Computer Name: PIERDOLNIK Event Code: 11711 Message: Produkt: Microsoft .NET Framework 4 Client Profile - Błąd 1711. Wystąpił błąd podczas zapisu informacji o instalacji na dysku. Sprawdź, czy na dysku jest dostępna wystarczająca ilość miejsca i kliknij przycisk Ponów próbę lub kliknij przycisk Anuluj, aby zakończyć instalację. Record Number: 317522 Source Name: MsiInstaller Time Written: 20130625063957.000000-000 Event Type: Błędy User: ZARZĄDZANIE NT\SYSTEM Computer Name: PIERDOLNIK Event Code: 11711 Message: Produkt: Microsoft .NET Framework 4 Client Profile - Błąd 1711. Wystąpił błąd podczas zapisu informacji o instalacji na dysku. Sprawdź, czy na dysku jest dostępna wystarczająca ilość miejsca i kliknij przycisk Ponów próbę lub kliknij przycisk Anuluj, aby zakończyć instalację. Record Number: 317521 Source Name: MsiInstaller Time Written: 20130625063957.000000-000 Event Type: Błędy User: ZARZĄDZANIE NT\SYSTEM Computer Name: PIERDOLNIK Event Code: 11711 Message: Produkt: Microsoft .NET Framework 4 Client Profile - Błąd 1711. Wystąpił błąd podczas zapisu informacji o instalacji na dysku. Sprawdź, czy na dysku jest dostępna wystarczająca ilość miejsca i kliknij przycisk Ponów próbę lub kliknij przycisk Anuluj, aby zakończyć instalację. Record Number: 317520 Source Name: MsiInstaller Time Written: 20130625063957.000000-000 Event Type: Błędy User: ZARZĄDZANIE NT\SYSTEM =====Security event log===== Computer Name: PIERDOLNIK Event Code: 5061 Message: Operacja kryptograficzna. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: RSA Nazwa klucza: 8269f55e-2788-4d43-896c-310253f0cb75 Typ klucza: Klucz komputera. Operacja kryptograficzna: Operacja: Otwórz klucz. Kod powrotny: 0x0 Record Number: 107700 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130316141119.552742-000 Event Type: Sukcesy inspekcji User: Computer Name: PIERDOLNIK Event Code: 5058 Message: Operacja na pliku klucza. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: Niedostępne. Nazwa klucza: 8269f55e-2788-4d43-896c-310253f0cb75 Typ klucza: Klucz komputera. Informacje dotyczące operacji na pliku klucza: Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f434fb8a7aae7dcb65c7ba8982e67fed_a3864c1c-a0e1-471d-ae3e-0a3caaa12bc5 Operacja: Odczytaj trwały klucz z pliku. Kod powrotny: 0x0 Record Number: 107699 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130316141119.552742-000 Event Type: Sukcesy inspekcji User: Computer Name: PIERDOLNIK Event Code: 5061 Message: Operacja kryptograficzna. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: RSA Nazwa klucza: 8269f55e-2788-4d43-896c-310253f0cb75 Typ klucza: Klucz komputera. Operacja kryptograficzna: Operacja: Otwórz klucz. Kod powrotny: 0x0 Record Number: 107698 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130316140619.551186-000 Event Type: Sukcesy inspekcji User: Computer Name: PIERDOLNIK Event Code: 5058 Message: Operacja na pliku klucza. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Parametry funkcji kryptograficznej: Nazwa dostawcy: Microsoft Software Key Storage Provider Nazwa algorytmu: Niedostępne. Nazwa klucza: 8269f55e-2788-4d43-896c-310253f0cb75 Typ klucza: Klucz komputera. Informacje dotyczące operacji na pliku klucza: Ścieżka do pliku: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f434fb8a7aae7dcb65c7ba8982e67fed_a3864c1c-a0e1-471d-ae3e-0a3caaa12bc5 Operacja: Odczytaj trwały klucz z pliku. Kod powrotny: 0x0 Record Number: 107697 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130316140619.551186-000 Event Type: Sukcesy inspekcji User: Computer Name: PIERDOLNIK Event Code: 4634 Message: Użytkownik wylogował się z konta. Podmiot: Identyfikator zabezpieczeń: S-1-5-7 Nazwa konta: LOGOWANIE ANONIMOWE Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x1ff9aed Typ logowania: 3 To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze. Record Number: 107696 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130316140138.006701-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files (x86)\Android\android-sdk\platform-tools;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%systemroot%\System32\WindowsPowerShell\v1.0\;;;C:\Program Files (x86)\QuickTime\QTSystem\;%systemroot%\System32\WindowsPowerShell\v1.0\;;;C:\Program Files (x86)\Windows Live\Shared; "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0402 "VS80COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Tools\ "AVR32_HOME"=D:\Program Files (x86)\WinAVR-20100110 "asl.log"=Destination=file "CLASSPATH"=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ -----------------EOF----------------- [/log] [b] RSIT - log.txt [/b] [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Mateusz at 2014-01-13 08:40:54 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 6 GB (9%) free of 68 GB Total RAM: 4095 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:40:56, on 2014-01-13 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\Program Files (x86)\PDFCreator\PDFCreator.exe D:\Program Files (x86)\SpeedFan\speedfan.exe C:\Program Files\trend micro\Mateusz.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: 67.211.196.139 ok.ru O1 - Hosts: 67.211.196.139 m.ok.ru O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Startup: Dropbox.lnk = C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: PDFCreator.lnk = D:\Program Files (x86)\PDFCreator\PDFCreator.exe O4 - Startup: SpeedFan.lnk = D:\Program Files (x86)\SpeedFan\speedfan.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - d:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CDMA Device Service - Unknown owner - D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - D:\Program Files\Prey\platform\windows\cronsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: OpcEnum - Unknown owner - C:\Windows\SysWOW64\OpcEnum.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11293 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "C:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService atieclxx C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "d:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" "D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe" "D:\Program Files\Prey\platform\windows\cronsvc.exe" "taskhost.exe" C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" "C:\Windows\system32\Dwm.exe" "C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe" C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" "C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2580 dummy.exe /resident /hidetray /autovaccinate /experimentalntfs /agreelicense "C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe" "C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe" silentrun "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" "C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted HydraDM64.exe -h:65970 "Maksymalizuj na cały pulpit" "Maksymalizuj do wymiarów okna" "Przywróć pulpit" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow "D:\Program Files (x86)\PDFCreator\PDFCreator.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" "D:\Program Files (x86)\SpeedFan\speedfan.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Nero\Update\NASvc.exe" C:\Windows\system32\svchost.exe -k WindowsMobile "C:\Windows\notepad.exe" C:\Users\Mateusz\Desktop\Extras.Txt "C:\Windows\notepad.exe" C:\Users\Mateusz\Desktop\OTL.Txt "taskhost.exe" C:\Windows\servicing\TrustedInstaller.exe "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 "C:\Users\Mateusz\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000UA.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4117203865-960949127-2198854606-1000UA.job =========Mozilla firefox========= ProfilePath - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\jxjqsb00.default prefs.js - "browser.startup.homepage" - "about:home" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=Wtyczka wykrywacza iTunes "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer] "Description"=TVU Web Player Plugin "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rayv.com/rayvplugin] "Description"=RayV Plugin "Path"=d:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19] "Description"=Veetle TV Core "Path"=d:\Program Files (x86)\Veetle\plugins\npVeetle.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18] "Description"=Veetle TV Player "Path"=d:\Program Files (x86)\Veetle\Player\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL d:\Program Files (x86)\Mozilla Firefox\components\ nsIQTScriptablePlugin.xpt d:\Program Files (x86)\Mozilla Firefox\plugins\ nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\jxjqsb00.default\extensions\ {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-03-21 75592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-01 75656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-03-21 63304] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-10-26 194432] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - D:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Pomocnik logowania za pomocą konta Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-03-21 454472] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-03-21 205128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912] "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-10-01 825184] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-05 13269064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] "HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2013-03-28 389120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8ECBF97641ADBC92112E8BF0E4E1640F9AC042E7._service_run] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShare Play] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg] d:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [2008-12-04 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] C:\Users\Mateusz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 137536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-10-01 152392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5] D:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [2012-01-30 315392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plex Media Server] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Link] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2012-12-21 507016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] D:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-10-01 825184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk] C:\PROGRA~2\AMDAVT~1\bin\kdbsync.exe [2012-11-27 46080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mateusz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AQQ.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mateusz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpeedFan.lnk] D:\Program Files (x86)\SpeedFan\speedfan.exe [2013-03-15 4683768] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888] "StartCCC"=d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-28 642656] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe PDFCreator.lnk - D:\Program Files (x86)\PDFCreator\PDFCreator.exe SpeedFan.lnk - D:\Program Files (x86)\SpeedFan\speedfan.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2012-04-12 275360] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "SynchronousMachineGroupPolicy"=0 "SynchronousUserGroupPolicy"=0 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "VIDC.FFDS"=ff_vfw.dll "VIDC.LAGS"=lagarith.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "MSVideo8"=VfWWDM32.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux4"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv "aux5"=wdmaud.drv ======File associations====== .ini - open - "D:\Program Files (x86)\GetDiz\GetDiz.exe" "%1" .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-01-13 08:40:54 ----DC---- C:\rsit 2014-01-13 08:40:54 ----D---- C:\Program Files\trend micro 2014-01-04 15:02:15 ----D---- C:\ProgramData\Oracle 2014-01-04 15:02:10 ----A---- C:\Windows\SYSWOW64\javaws.exe 2014-01-04 15:02:05 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2014-01-04 15:02:05 ----A---- C:\Windows\SYSWOW64\javaw.exe 2014-01-04 15:02:05 ----A---- C:\Windows\SYSWOW64\java.exe 2013-12-28 17:08:35 ----D---- C:\ProgramData\Splashtop 2013-12-28 17:08:17 ----D---- C:\Program Files (x86)\Splashtop 2013-12-22 23:14:08 ----D---- C:\Users\Mateusz\AppData\Roaming\Malwarebytes 2013-12-22 23:13:58 ----D---- C:\ProgramData\Malwarebytes 2013-12-22 23:13:57 ----A---- C:\Windows\system32\drivers\mbam.sys 2013-12-19 10:23:46 ----DC---- C:\Temp 2013-12-16 12:55:17 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2013-12-16 12:55:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-12-16 12:55:16 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\jsproxy.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\ieUnatt.exe 2013-12-16 12:55:16 ----A---- C:\Windows\system32\ieui.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\iesetup.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\iernonce.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\ieetwproxystub.dll 2013-12-16 12:55:16 ----A---- C:\Windows\system32\ie4uinit.exe 2013-12-16 12:55:15 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2013-12-16 12:55:15 ----A---- C:\Windows\system32\mshtml.dll 2013-12-16 12:55:15 ----A---- C:\Windows\system32\jscript9diag.dll 2013-12-16 12:55:15 ----A---- C:\Windows\system32\ieetwcollector.exe 2013-12-16 12:55:15 ----A---- C:\Windows\system32\ieapfltr.dll 2013-12-16 12:55:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-12-16 12:55:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2013-12-16 12:55:14 ----A---- C:\Windows\system32\iertutil.dll 2013-12-16 12:55:13 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-12-16 12:55:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-12-16 12:55:13 ----A---- C:\Windows\system32\wininet.dll 2013-12-16 12:55:13 ----A---- C:\Windows\system32\urlmon.dll 2013-12-16 12:55:09 ----A---- C:\Windows\system32\ieframe.dll 2013-12-16 12:55:08 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-12-16 12:55:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-12-16 12:55:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-12-16 12:55:07 ----A---- C:\Windows\system32\jscript9.dll 2013-12-14 19:18:32 ----A---- C:\Windows\system32\IEUDINIT.EXE 2013-12-14 19:15:27 ----A---- C:\Windows\SYSWOW64\elshyph.dll 2013-12-14 19:15:27 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-14 19:15:25 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-12-14 19:15:25 ----A---- C:\Windows\SYSWOW64\msls31.dll 2013-12-14 19:15:25 ----A---- C:\Windows\SYSWOW64\jsIntl.dll 2013-12-14 19:15:25 ----A---- C:\Windows\system32\elshyph.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\wextract.exe 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\webcheck.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\url.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\msrating.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\licmgr10.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\inseng.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\iexpress.exe 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\icardie.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2013-12-14 19:15:24 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\pngfilt.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\occache.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\mshtmler.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\mshta.exe 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\imgutil.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\iepeers.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2013-12-14 19:15:23 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll 2013-12-14 19:15:23 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-14 19:15:23 ----A---- C:\Windows\system32\msrating.dll 2013-12-14 19:15:23 ----A---- C:\Windows\system32\msls31.dll 2013-12-14 19:15:23 ----A---- C:\Windows\system32\jsIntl.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\wextract.exe 2013-12-14 19:15:22 ----A---- C:\Windows\system32\webcheck.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\vbscript.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\url.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2013-12-14 19:15:22 ----A---- C:\Windows\system32\pngfilt.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\occache.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\mshtmlmedia.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\mshtmler.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\mshtmled.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\mshta.exe 2013-12-14 19:15:22 ----A---- C:\Windows\system32\msfeedssync.exe 2013-12-14 19:15:22 ----A---- C:\Windows\system32\msfeedsbs.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\msfeeds.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\licmgr10.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\inseng.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\iexpress.exe 2013-12-14 19:15:22 ----A---- C:\Windows\system32\iesysprep.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\iedkcs32.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\ieapfltr.dat 2013-12-14 19:15:22 ----A---- C:\Windows\system32\IEAdvpack.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\icardie.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\dxtrans.dll 2013-12-14 19:15:22 ----A---- C:\Windows\system32\dxtmsft.dll 2013-12-14 19:15:21 ----A---- C:\Windows\system32\MshtmlDac.dll 2013-12-14 19:15:21 ----A---- C:\Windows\system32\jscript.dll 2013-12-14 19:15:21 ----A---- C:\Windows\system32\imgutil.dll 2013-12-14 19:15:21 ----A---- C:\Windows\system32\iepeers.dll ======List of files/folders modified in the last 1 month====== 2014-01-13 08:40:55 ----D---- C:\Windows\Temp 2014-01-13 08:40:54 ----RD---- C:\Program Files 2014-01-13 08:34:49 ----D---- C:\Windows\system32\config 2014-01-13 08:22:38 ----A---- C:\Windows\SYSWOW64\TempWmicBatchFile.bat 2014-01-13 08:00:49 ----AD---- C:\ProgramData\TEMP 2014-01-13 07:44:35 ----D---- C:\Users\Mateusz\AppData\Roaming\Dropbox 2014-01-12 16:58:22 ----D---- C:\Users\Mateusz\AppData\Roaming\uTorrent 2014-01-12 16:38:53 ----D---- C:\Windows\System32 2014-01-12 16:38:53 ----D---- C:\Windows\inf 2014-01-12 16:38:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-01-04 15:02:15 ----HD---- C:\ProgramData 2014-01-04 15:02:14 ----SHD---- C:\Windows\Installer 2014-01-04 15:02:14 ----SHD---- C:\Config.Msi 2014-01-04 15:02:13 ----D---- C:\Program Files (x86)\Common Files 2014-01-04 15:02:10 ----D---- C:\Windows\SysWOW64 2014-01-04 15:02:05 ----D---- C:\Program Files (x86)\Java 2014-01-03 20:00:45 ----A---- C:\Windows\OutLog.txt 2014-01-03 19:53:31 ----A---- C:\Windows\BcdLog.txt 2014-01-02 16:21:03 ----D---- C:\Users\Mateusz\AppData\Roaming\vlc 2013-12-31 09:31:14 ----D---- C:\Windows\system32\catroot2 2013-12-28 17:08:17 ----RD---- C:\Program Files (x86) 2013-12-27 11:35:14 ----D---- C:\Windows\winsxs 2013-12-27 11:19:55 ----D---- C:\Windows\system32\FxsTmp 2013-12-27 11:17:00 ----D---- C:\Windows 2013-12-27 11:16:59 ----D---- C:\Windows\system32\DriverStore 2013-12-27 11:16:59 ----D---- C:\Windows\system32\catroot 2013-12-27 11:16:21 ----D---- C:\Windows\twain_32 2013-12-27 11:14:32 ----RSD---- C:\Windows\Fonts 2013-12-27 11:14:32 ----D---- C:\ProgramData\HP 2013-12-27 11:13:54 ----D---- C:\Program Files (x86)\HP 2013-12-27 11:08:52 ----D---- C:\ProgramData\Microsoft Help 2013-12-27 11:05:53 ----D---- C:\Program Files (x86)\Google 2013-12-27 10:36:09 ----D---- C:\Windows\system32\drivers 2013-12-27 10:33:41 ----D---- C:\Program Files\SAMSUNG 2013-12-27 10:21:23 ----D---- C:\ProgramData\Sony Ericsson 2013-12-27 10:21:21 ----D---- C:\Program Files (x86)\Sony Ericsson 2013-12-27 10:19:11 ----D---- C:\ProgramData\KONAMI 2013-12-27 10:18:31 ----DC---- C:\Windows\system32\DRVSTORE 2013-12-27 10:12:18 ----RSD---- C:\Windows\assembly 2013-12-27 10:11:24 ----D---- C:\ProgramData\National Instruments 2013-12-27 10:10:40 ----A---- C:\Windows\MC9.INI 2013-12-27 10:08:09 ----A---- C:\Windows\win.ini 2013-12-27 10:06:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 10:05:33 ----D---- C:\Program Files (x86)\MSBuild 2013-12-26 12:51:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2013-12-25 12:37:01 ----D---- C:\Windows\Prefetch 2013-12-23 15:13:45 ----D---- C:\Windows\system32\drivers\etc 2013-12-19 10:02:35 ----D---- C:\Program Files\Internet Explorer 2013-12-19 10:02:35 ----D---- C:\Program Files (x86)\Internet Explorer 2013-12-16 19:28:46 ----D---- C:\Windows\rescache 2013-12-15 11:56:21 ----D---- C:\Windows\SYSWOW64\pl-PL 2013-12-15 11:56:20 ----D---- C:\Windows\system32\pl-PL 2013-12-15 11:56:16 ----D---- C:\Windows\SYSWOW64\migration 2013-12-15 11:56:16 ----D---- C:\Windows\SYSWOW64\en-US 2013-12-15 11:56:13 ----D---- C:\Windows\PolicyDefinitions 2013-12-15 11:56:12 ----D---- C:\Windows\system32\migration 2013-12-15 11:56:11 ----D---- C:\Windows\system32\en-US 2013-12-14 19:18:32 ----D---- C:\Windows\Logs 2013-12-14 19:14:18 ----D---- C:\Windows\system32\MRT 2013-12-14 19:11:32 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600] R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392] R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832] R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024] R2 AODDriver4.1;AODDriver4.1; \??\D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-12-04 314368] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-02-05 3317832] R3 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-10-25 13368] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-27 805088] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] R3 vpcbus;Usługa magistrali hosta programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944] R3 vpcusb;Usługa łącznika wirtualizacji USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232] S2 AODDriver4.2;AODDriver4.2; \??\d:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys [] S3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [] S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-10-28 107288] S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008] S3 DualCoreCenter;DualCoreCenter; \??\D:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-04-12 44344] S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-03-24 14216] S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-03-24 8456] S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-06-29 14448] S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-06-29 27760] S3 MHIKEY10;MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [2010-09-15 60288] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\D:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [] S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\D:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] S3 NTIOLib_1_0_6;NTIOLib_1_0_6; \??\C:\Program Files (x86)\Setup Files\Ms7576v3B0\NTIOLib_X64.sys [2011-01-06 11888] S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys [] S3 NTIOLib_1_1_S;NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [] S3 PAC7302;i-Look 317; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 526848] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys [] S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys [] S3 RAMDiskVE;RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [2012-11-29 73552] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RushTopDevice_J;RushTopDevice_J; \??\D:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080] S3 RushTopDevice2;RushTopDevice2; \??\D:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 204568] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688] S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-03-26 37888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 usbscan;Sterownik skanera USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736] S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service; d:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 361984] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 Bonjour Service;Usługa Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 CDMA Device Service;CDMA Device Service; D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232] R2 CronService;Cron Service for Prey; D:\Program Files\Prey\platform\windows\cronsvc.exe [2011-02-15 19968] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 MSI_SuperCharger;MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-12-21 144008] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-10-28 75136] R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-10-28 189248] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 SplashtopRemoteService;Splashtop® Remote Service; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-10-24 790880] R2 SSUService;Splashtop Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-09 609056] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176] S2 SkypeUpdate;Skype Updater; D:\Program Files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-26 257416] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-05-10 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2013-10-01 641352] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-24 118680] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 OpcEnum;OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-25 1255736] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- [/log] [b] DDS - dds.txt [/b] [log] DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by Mateusz at 8:50:14 on 2014-01-13 #Option Extended Search is enabled. Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4095.2210 [GMT 1:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe d:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe D:\Program Files\Prey\platform\windows\cronsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe d:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe D:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe D:\Program Files (x86)\SpeedFan\speedfan.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit = userinit.exe, BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Pomocnik logowania za pomocą konta Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [StartCCC] "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Mateusz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Mateusz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - D:\Program Files (x86)\PDFCreator\PDFCreator.exe StartupFolder: C:\Users\Mateusz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - D:\Program Files (x86)\SpeedFan\speedfan.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: SynchronousMachineGroupPolicy = dword:0 mPolicies-System: SynchronousUserGroupPolicy = dword:0 IE: Add to Google Photos Screensa&ver - <no file> IE: E&ksportuj do programu Microsoft Excel - D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab TCP: NameServer = 87.204.204.204 62.233.233.233 TCP: Interfaces\{B0FFEDEA-8397-4A1A-B901-3824AFF30540} : DHCPNameServer = 87.204.204.204 62.233.233.233 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned> x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll Hosts: 67.211.196.139 ok.ru Hosts: 67.211.196.139 m.ok.ru . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\jxjqsb00.default\ FF - prefs.js: browser.startup.homepage - about:home FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Mateusz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\jxjqsb00.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - plugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\jxjqsb00.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll FF - plugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll FF - plugin: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: d:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll FF - plugin: d:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: d:\Program Files (x86)\Veetle\plugins\npVeetle.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240] R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-24 65024] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984] R2 AODDriver4.1;AODDriver4.1;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 CDMA Device Service;CDMA Device Service;D:\Program Files (x86)\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-2 159232] R2 CronService;Cron Service for Prey;D:\Program Files\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-5-10 144008] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944] R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-10-24 790880] R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-9 609056] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768] R3 NisSrv;Inspekcja sieci firmy Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-5-10 13368] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-24 805088] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-3-24 44672] S2 AODDriver4.2;AODDriver4.2;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;D:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-25 46136] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288] S3 DualCoreCenter;DualCoreCenter;D:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2011-5-25 44344] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-12 16776] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-12 9096] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-6-29 14448] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-16 111616] S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-10-21 97552] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;D:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-12-31 14136] S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7576v3B0\NTIOLib_X64.sys [2011-1-6 11888] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-9-1 19936] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-9-1 13280] S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2012-11-29 73552] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456] S3 RushTopDevice_J;RushTopDevice_J;D:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2011-5-25 33080] S3 RushTopDevice2;RushTopDevice2;D:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2011-5-25 75576] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568] S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-25 1255736] . =============== File Associations =============== . FileExt: .ini: GetDiz.Document="D:\Program Files (x86)\GetDiz\GetDiz.exe" "%1" . =============== Created Last 60 ================ . 2014-01-13 07:40:54 -------- d-----w- C:\Program Files\trend micro 2014-01-12 11:09:15 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{280960B9-10FA-4078-B2C3-16FC05547E63}\mpengine.dll 2014-01-10 16:48:30 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-04 14:02:15 -------- d-----w- C:\ProgramData\Oracle 2014-01-04 14:02:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-02 15:58:05 -------- d-----w- C:\Users\Mateusz\AppData\Local\Tipard Studio 2013-12-28 16:09:27 -------- d-----w- C:\Users\Mateusz\AppData\Local\Splashtop 2013-12-28 16:08:35 -------- d-----w- C:\ProgramData\Splashtop 2013-12-28 16:08:17 -------- d-----w- C:\Program Files (x86)\Splashtop 2013-12-22 22:14:08 -------- d-----w- C:\Users\Mateusz\AppData\Roaming\Malwarebytes 2013-12-22 22:13:58 -------- d-----w- C:\ProgramData\Malwarebytes 2013-12-22 22:13:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-12-19 09:23:46 -------- dc----w- C:\Temp 2013-12-12 19:40:03 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2013-12-12 19:40:03 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2013-12-12 19:40:02 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2013-12-12 19:40:02 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2013-12-12 19:14:02 335360 ----a-w- C:\Windows\System32\msieftp.dll 2013-12-12 19:14:01 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll 2013-12-11 13:15:48 -------- d-----w- C:\Windows\rescache 2013-12-11 10:09:48 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95A4AE7C-E081-4F79-898D-28E49203910F}\gapaengine.dll 2013-11-24 16:31:33 1474048 ----a-w- C:\Windows\System32\crypt32.dll 2013-11-24 16:31:33 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-11-24 16:31:22 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-11-24 16:31:18 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-11-24 16:31:17 197120 ----a-w- C:\Windows\System32\credui.dll 2013-11-24 16:31:17 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2013-11-24 16:31:17 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-11-24 16:31:17 168960 ----a-w- C:\Windows\SysWow64\credui.dll 2013-11-24 16:31:17 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll . ==================== Find6M ==================== . 2014-01-13 07:42:38 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat 2013-12-26 11:51:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-26 11:51:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll 2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll 2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll 2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-10-28 00:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2013-10-28 00:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx 2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll 2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx 2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll 2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe 2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe 2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe 2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe 2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys 2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys 2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll 2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll 2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll 2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll 2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll 2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL . ============= FINISH: 8:51:16,59 =============== [/log] [b] DDS - attach.txt [/b] [log] . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2011-05-25 12:23:42 System Uptime: 2014-01-13 07:42:09 (1 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 785G-E53 (MS-7576) Processor: AMD Phenom(tm) II X4 925 Processor | CPU1 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 66 GiB total, 6,096 GiB free. D: is FIXED (NTFS) - 399 GiB total, 163,208 GiB free. E: is FIXED (NTFS) - 932 GiB total, 28,651 GiB free. F: is CDROM () X: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 64-bit fixes Adobe Reader X (10.1.8) Adobe Shockwave Player 11.5 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel Apple Mobile Device Support Apple Software Update Application Profiles µTorrent BankBrowser Battlefield 3™ BIOS Code Unlocked Technology Bonjour Call of Juarez The Cartel Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Centrum obsługi urządzeń z systemem Windows Mobile Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników Chinese Traditional Fonts Support For Adobe Reader X ClassicPro© v1.15 CodeBlocks Counter-Strike CPUID HWMonitor 1.22 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Detektor Winampa DFX for Winamp DivX Setup Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 Dropbox Duke Nukem Forever EASEUS Partition Master 8.0.1 Home Edition F.E.A.R. 3 Facebook Video Calling 1.2.0.159 Football Manager 2014 Free PDF to Word Doc Converter v1.1 Galeria fotografii GetDiz 4.5 Google Chrome Google Drive Google Earth Google Talk Plugin Google Update Helper High-Definition Video Playback 10 HiJackThis Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Update HydraVision IrfanView (remove only) iTunes Java 7 Update 45 Java Auto Updater Java(TM) 7 (64-bit) Java(TM) SE Development Kit 7 (64-bit) JavaFX 2.1.1 JDownloader 0.9 K-Lite Codec Pack (64-bit) v4.6.0 L.A. Noire Last.fm Scrobbler 2.1.36 Live Update 5 LiveVDO plugin 1.3 Lizardtech DjVu Control LOGO!Soft Comfort V7.0 Malwarebytes Anti-Malware wersja 1.75.0.1300 Mathematica Player (M-WIN-D 7.0.1 1223367) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile PLK Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended PLK Language Pack Microsoft Antimalware Service PL-PL Language Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft MSDN 2005 Express Edition - ENU Microsoft Office Access MUI (Polish) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Polish) 2007 Microsoft Office Groove MUI (Polish) 2007 Microsoft Office InfoPath MUI (Polish) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Polish) 2007 Microsoft Office Outlook MUI (Polish) 2007 Microsoft Office PowerPoint MUI (Polish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (German) 2007 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Polish) 2007 Microsoft Office Proof (Polish) 2010 Microsoft Office Proofing (Polish) 2007 Microsoft Office Proofing (Polish) 2010 Microsoft Office Publisher MUI (Polish) 2007 Microsoft Office Shared 64-bit MUI (Polish) 2007 Microsoft Office Shared 64-bit MUI (Polish) 2010 Microsoft Office Shared MUI (Polish) 2007 Microsoft Office Shared MUI (Polish) 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (Polish) 2010 Microsoft Office Word MUI (Polish) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Security Client Microsoft Security Client PL-PL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Visio Professional 2010 Microsoft Visual C++ 2005 Express Edition - ENU Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU Microsoft Xbox 360 Accessories 1.2 Movie Maker Mozilla Firefox 24.0 (x86 pl) Mozilla Maintenance Service MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multiupload Batch Uploader 1.0 NapiProjekt 1.0.6.9 Need for Speed Most Wanted version 5.1 Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Burning ROM 10 Nero BurningROM 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero CoverDesigner 10 Nero CoverDesigner 10 Help (CHM) Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Nero Recode 10 Nero Recode 10 Help (CHM) Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero SoundTrax 10 Nero SoundTrax 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor 10 Nero WaveEditor 10 Help (CHM) nLite 1.4.9.1 Notepad++ Obsługa programów Apple Office Tab FreeEdition 9.20 OpenAL Opera 11.52 OPT Design Assistant OverclockingCenter Panda USB Vaccine 1.0.1.4 PDFCreator Photo Common Photo Gallery Picasa 3 PL-IPTV PlayReady PC Runtime x86 Podstawowe programy Windows Live Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended Portal 2 Pro Evolution Soccer 2013 Pro Evolution Soccer 2014 PunkBuster Services QuickSFV (Remove only) QuickTime Rapture3D 2.4.8 Game Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Rockstar Games Social Club Saints Row The Third Samsung Kies SAMSUNG USB Driver for Mobile Phones Secure Download Manager Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2584066) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office system 2007 (KB951808) Security Update for Microsoft Office Word 2007 (KB950113) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB2251481) Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB2538218) Security Update for Office 2007 (KB934062) Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Publisher 2007 (KB936646) Security Update for the 2007 Microsoft Office System (KB936960) Skype™ 6.3 Snagit 10.0.1 SopCast 3.5.0 SpeedFan (remove only) Splashtop Software Updater Splashtop Streamer Steam Street Fighter X Tekken Super-Charger SyncToy 2.1 (x64) System Requirements Lab CYRI The Walking Dead (c) 3 version 1 The Walking Dead Survival Instinct (c) Activision version 1 Tombraider Total Commander (Remove or Repair) Total Video Converter 3.11 UltraISO Premium V9.36 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB932232) Update for Office 2007 (KB932080) Update for Outlook 2007 (KB937608) VC80CRTRedist - 8.0.50727.6195 Veetle TV VideoGenie VLC media player 1.1.9 Winamp Windows 7 Manager Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin Windows XP Mode WinRAR 4.01 beta 1 (64-bit) Xiph.Org Open Codecs 0.85.17777 . ==== End Of File =========================== [/log]
majmetro komentarz 16 stycznia 2014 komentarz 16 stycznia 2014 A sprawdzałeś jak wygląda zużycie procka? Czy jest na normalnym poziomie, czy dochodzi do 100% ?
iwan59 komentarz 17 stycznia 2014 Autor komentarz 17 stycznia 2014 Zużycie procesora raczej normalne, nie dochodziło do 100%.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.