
# AdwCleaner v3.207 - Log utworzony 05/05/2014 o 15:50:24
# Aktualizacja 05/05/2014 przez Xplode
# System operacyjny : Windows 7 Ultimate (64 bits)
# Użytkownik : MARZENA - MARZENAU
# Ścieżka : C:\Users\MARZENA\Downloads\AdwCleaner.exe
# Opcja : Usuń
***** [ Usługi ] *****
***** [ Pliki / Foldery ] *****
Folder Usunięto : C:\ProgramData\DeaelExapress
Folder Usunięto : C:\ProgramData\YTaAddRemovaL
Folder Usunięto : C:\Program Files (x86)\DeaelExapress
Folder Usunięto : C:\Program Files (x86)\YTaAddRemovaL
Folder Usunięto : C:\Windows\SysWOW64\AI_RecycleBin
Folder Usunięto : C:\Users\MARZENA\AppData\Local\Temp\webget
Folder Usunięto : C:\Users\Eryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Usunięto : C:\Users\Eryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdojbieieakehddljnhhimkfoohmbnlc
***** [ Skróty ] *****
***** [ Rejestr ] *****
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealExpress.DealExpress
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealExpress.DealExpress.2.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\YTAddRemovaL.YTAddRemovaL
Klucz Usunięto : HKLM\SOFTWARE\Classes\YTAddRemovaL.YTAddRemovaL.1.5
Klucz Usunięto : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{47497286-C20C-F31B-4C0C-999331B0F85F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{581DBCCB-F193-5746-F020-DB3CF1517BD7}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47497286-C20C-F31B-4C0C-999331B0F85F}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{581DBCCB-F193-5746-F020-DB3CF1517BD7}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47497286-C20C-F31B-4C0C-999331B0F85F}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{581DBCCB-F193-5746-F020-DB3CF1517BD7}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{47497286-C20C-F31B-4C0C-999331B0F85F}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581DBCCB-F193-5746-F020-DB3CF1517BD7}
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{47497286-C20C-F31B-4C0C-999331B0F85F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{581DBCCB-F193-5746-F020-DB3CF1517BD7}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B89C9191-DEEC-41E4-8DC7-2EBF2BEA1DCB}
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
***** [ Przeglądarki internetowe ] *****
-\\ Internet Explorer v8.0.7600.16839
-\\ Google Chrome v34.0.1847.131
[ Plik : C:\Users\Eryk\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Usunięto [Extension] : gdojbieieakehddljnhhimkfoohmbnlc
Usunięto [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
[ Plik : C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Usunięto [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Usunięto [Search Provider] : hxxp://www.softonic.pl/s/{searchTerms}
Usunięto [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
*************************
AdwCleaner[R3].txt - [4801 octets] - [05/05/2014 15:48:34]
AdwCleaner[S3].txt - [4621 octets] - [05/05/2014 15:50:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4681 octets] ##########
combofix
ComboFix 14-04-20.01 - MARZENA 2014-05-05 16:29:16.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3835.2495 [GMT 2:00]
Uruchomiony z: c:\users\MARZENA\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MARZENA\AppData\Roaming\Microsoft\Windows\Recent\Smashmuck Champions.url
c:\windows\DPINST.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-05 do 2014-05-05 )))))))))))))))))))))))))))))))
.
.
2014-05-05 14:45 . 2014-05-05 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-05 13:49 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-05 13:48 . 2014-05-05 13:50 -------- d-----w- C:\AdwCleaner
2014-05-05 13:14 . 2014-05-05 13:14 -------- d-----w- c:\users\MARZENA\AppData\Roaming\hpqLog
2014-04-28 18:19 . 2014-04-28 18:19 -------- d-----w- c:\users\MARZENA\AppData\Roaming\Curse Advertising
2014-04-28 18:19 . 2014-04-28 19:49 -------- d-----w- c:\users\MARZENA\AppData\Roaming\Curse Client
2014-04-28 18:19 . 2014-04-28 18:19 -------- d-----w- c:\users\MARZENA\AppData\Roaming\Curse
2014-04-21 03:06 . 2014-05-05 03:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D9C14E1-13B1-4D73-8E4B-C178A19119E1}\offreg.dll
2014-04-06 00:26 . 2014-04-06 00:26 -------- d-----w- c:\users\MARZENA\.gstreamer-0.10
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-21 19:03 . 2014-03-21 19:03 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2014-03-18 16:07 . 2014-03-18 16:07 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-02-06 17:38 . 2011-08-21 18:12 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-02-06 17:38 . 2011-08-21 18:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-10-19 2967880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
c:\users\MARZENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\MARZENA\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-4-28 8517896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\MARZENA\AppData\Local\Temp\0057B48.tmp;c:\users\MARZENA\AppData\Local\Temp\0057B48.tmp [x]
R3 X6va006;X6va006;c:\users\MARZENA\AppData\Local\Temp\00690DF.tmp;c:\users\MARZENA\AppData\Local\Temp\00690DF.tmp [x]
R3 X6va007;X6va007;c:\users\MARZENA\AppData\Local\Temp\007B323.tmp;c:\users\MARZENA\AppData\Local\Temp\007B323.tmp [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-04 02:11 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 19:54]
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 19:54]
.
.
--------- X64 Entries -----------
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:1722623130&ie=ISO-8859-1&sa=Search&q=%s
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 91.232.90.18 91.232.90.19
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKLM-Run-PC Booster - d:\pc booster\PCBooster.exe
ShellIconOverlayIdentifiers-{E68D0A50-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A51-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A52-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
ShellIconOverlayIdentifiers-{E68D0A53-3C40-4712-B90D-DCFA93FF2534} - c:\programdata\GG\ggdrive\ggdrive-overlay.dll
HKLM-Run-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\MARZENA\AppData\Local\Temp\0057B48.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\MARZENA\AppData\Local\Temp\00690DF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\MARZENA\AppData\Local\Temp\007B323.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1356928267-1520858341-1132277051-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,db,e7,8e,a1,a4,5a,24,e2,19,4e,c7,10,5c,51,e9,28,c8,17,d5,ef,
06,84,25,fc,d5,53,55,2a,12,71,79,67,ee,95,07,db,25,3a,84,c5,3f,e4,5b,e1,b1,\
"rkeysecu"=hex:09,cc,d5,6f,6d,44,bb,11,d0,7d,29,bc,2a,9f,75,05
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-05-05 16:52:46
ComboFix-quarantined-files.txt 2014-05-05 14:52
.
Przed: 36 205 035 520 bajtów wolnych
Po: 40 640 143 360 bajtów wolnych
.
- - End Of File - - 52F7896BB61D7F8C416D83BCA327772F
A36C5E4F47E84449FF07ED3517B43A31
otl
OTL logfile created on: 2014-05-05 16:55:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARZENA\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,75 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 56,38% Memory free
7,49 Gb Paging File | 5,73 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,83 Gb Total Space | 37,94 Gb Free Space | 53,57% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 70,67 Gb Free Space | 90,46% Space Free | Partition Type: NTFS
Computer Name: MARZENAU | User Name: MARZENA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-05-05 16:23:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MARZENA\Downloads\OTL_[www.programosy.pl].exe
PRC - [2014-04-24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-08-21 16:26:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-10-19 17:41:09 | 002,967,880 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectify.exe
PRC - [2011-09-29 20:10:18 | 000,277,832 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe
PRC - [2011-09-29 20:10:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-04-24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
MOD - [2014-04-24 02:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014-04-24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014-04-24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014-04-24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014-04-24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014-04-24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2011-09-29 20:10:22 | 000,035,144 | ---- | M] () -- C:\Program Files (x86)\Connectify\Scannify.dll
MOD - [2011-09-29 20:10:20 | 000,022,856 | ---- | M] () -- C:\Program Files (x86)\Connectify\DriverLib.dll
MOD - [2011-09-29 20:10:18 | 000,014,152 | ---- | M] () -- C:\Program Files (x86)\Connectify\BuildProps.dll
MOD - [2011-08-15 07:15:10 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\763c77ff72e7805a806876425570d8c5\System.WorkflowServices.ni.dll
MOD - [2011-08-15 07:14:29 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c5c4880bf7ca01080700eea49e05e11\System.ServiceModel.Web.ni.dll
MOD - [2011-08-15 07:11:09 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2f46039c9e993a3a6fd57c675fd4aaec\System.IdentityModel.ni.dll
MOD - [2011-08-15 07:11:07 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\55cdcfcdc452a9142b4e67acb154a362\System.Runtime.Serialization.ni.dll
MOD - [2011-08-15 07:11:05 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\57c319928a4eb8d9a4b88cc089e30080\SMDiagnostics.ni.dll
MOD - [2011-08-15 07:11:04 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3c40b3b501f97062edd05ff330779af2\System.ServiceModel.ni.dll
MOD - [2011-08-15 07:10:42 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011-08-15 07:10:21 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011-08-15 07:10:19 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll
MOD - [2011-08-15 07:10:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011-08-15 07:10:05 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\21cc2572fbb5a3a7e0ef085d7bf27eca\System.Security.ni.dll
MOD - [2011-08-15 06:43:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011-08-15 06:43:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011-08-15 06:43:02 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011-08-15 06:42:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009-07-14 19:55:10 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_pl_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009-07-14 19:55:10 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_pl_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2009-07-14 19:55:05 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll
MOD - [2009-07-14 19:55:04 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2010-04-23 17:55:56 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-07-08 12:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2014-01-07 23:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-08-21 16:26:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-08-30 19:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012-08-28 01:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011-09-29 20:10:08 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002-09-09 19:20:54 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2002-09-09 19:20:12 | 000,180,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\Programs\vmware-authd.exe -- (VMAuthdService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:[b]64bit:[/b] - [2014-03-21 21:03:57 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:[b]64bit:[/b] - [2014-03-18 18:07:48 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:[b]64bit:[/b] - [2013-09-13 07:49:50 | 000,142,008 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:[b]64bit:[/b] - [2012-12-13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011-08-02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-05-06 05:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010-04-16 06:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-04-16 05:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-02-08 21:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009-09-22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-08-23 17:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2009-08-13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-08 12:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2009-07-08 12:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002-09-09 19:24:12 | 000,019,618 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\vmx86.sys -- (vmx86)
DRV - [2002-09-09 19:17:52 | 000,007,331 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\vmparport.sys -- (VMparport)
DRV - [2002-09-09 19:17:00 | 000,015,388 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\hcmon.sys -- (hcmon)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..\SearchScopes\{463651D0-0FC8-499b-93B4-4E705583F90F}: "URL" = http://home.speedbit.com/search.aspx?aff=206&q={searchTerms}
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.com/cse?cx=partner-pub-6697027465779297:1722623130&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\MARZENA\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\MARZENA\AppData\LocalLow\Square Enix\nprun3d.dll File not found
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\MARZENA\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MARZENA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: D:\Assassin's Creed Brotherhood\UbisoftGameLauncher-perfect\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
[2013-08-03 13:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARZENA\AppData\Roaming\mozilla\Extensions
[2012-03-18 20:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-08-13 20:28:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-26 18:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012-02-23 01:12:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012-02-28 18:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\MARZENA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\MARZENA\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: Google Translate = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: YouTube = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: AdBlock = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Zapisz na Dysku Google = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\2.1.0_0\
CHR - Extension: Google Wallet = C:\Users\MARZENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014-05-05 16:45:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:[b]64bit:[/b] - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - Startup: C:\Users\MARZENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk = C:\Users\MARZENA\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1356928267-1520858341-1132277051-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.232.90.18 91.232.90.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4206942B-B4DE-4295-97D7-337EEF12A37D}: DhcpNameServer = 91.232.90.18 91.232.90.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4392AAF3-40C7-4693-9B97-6CA1044E265C}: DhcpNameServer = 89.108.195.21 217.17.34.10
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-03-18 19:47:10 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-05-05 16:53:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-05-05 16:53:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014-05-05 16:26:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014-05-05 16:26:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014-05-05 16:26:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014-05-05 16:26:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014-05-05 16:25:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014-05-05 16:15:55 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\Documents\Nowy folder
[2014-05-05 15:49:52 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014-05-05 15:48:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-05-05 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\AppData\Roaming\hpqLog
[2014-05-05 15:07:53 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\Documents\Freemake
[2014-04-28 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\AppData\Roaming\Curse Advertising
[2014-04-28 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\AppData\Roaming\Curse Client
[2014-04-28 20:19:13 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\AppData\Roaming\Curse
[2014-04-06 02:26:34 | 000,000,000 | ---D | C] -- C:\Users\MARZENA\.gstreamer-0.10
[2012-06-17 14:27:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\MARZENA\AppData\Roaming\MinecraftSP.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-05-05 16:45:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014-05-05 16:21:38 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-05-05 16:21:38 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-05-05 16:13:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-05-05 15:43:37 | 000,415,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-05-05 15:21:13 | 000,000,600 | ---- | M] () -- C:\Users\MARZENA\AppData\Roaming\winscp.rnd
[2014-05-05 15:01:17 | 001,663,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-05-05 15:01:17 | 000,738,192 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-05-05 15:01:17 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-05-05 15:01:17 | 000,154,848 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-05-05 15:01:17 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-05 14:43:43 | 000,002,561 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014-05-05 14:43:43 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2014-05-05 13:26:56 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-05 13:26:55 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-04-28 20:19:31 | 000,001,048 | ---- | M] () -- C:\Users\MARZENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-05-05 16:26:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014-05-05 16:26:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014-05-05 16:26:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014-05-05 16:26:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014-05-05 16:26:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014-05-05 13:47:15 | 000,002,561 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014-05-05 13:47:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2014-05-04 04:10:29 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-04 04:10:17 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-04-28 20:19:31 | 000,001,048 | ---- | C] () -- C:\Users\MARZENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
[2014-04-28 20:19:31 | 000,001,024 | ---- | C] () -- C:\Users\MARZENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
[2014-02-06 03:41:39 | 000,007,606 | ---- | C] () -- C:\Users\MARZENA\AppData\Local\Resmon.ResmonCfg
[2014-01-31 17:59:23 | 000,002,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-04-05 13:37:59 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013-04-04 15:48:20 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012-12-19 20:48:36 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-07-25 08:28:41 | 000,000,168 | ---- | C] () -- C:\Windows\usdthank.ini
[2012-07-25 08:28:41 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini
[2012-05-09 20:48:16 | 000,000,600 | ---- | C] () -- C:\Users\MARZENA\AppData\Roaming\winscp.rnd
[2011-10-04 15:55:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2014-02-06 04:27:26 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\.minecraft
[2013-12-15 21:44:37 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\AVG
[2013-05-24 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Awesomium
[2014-03-25 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Battle.net
[2014-04-30 21:41:47 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\BoL
[2014-04-28 20:19:13 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Curse
[2014-04-28 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Curse Advertising
[2014-04-28 21:49:25 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Curse Client
[2013-11-19 04:55:23 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\DAEMON Tools Lite
[2013-06-28 11:11:10 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\DAEMON Tools Ultra
[2014-05-05 15:06:44 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\DVDVideoSoft
[2013-12-23 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\FlvtoConverter
[2014-04-27 21:25:56 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\GG
[2013-05-02 18:32:45 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Highresolution Enterprises
[2013-06-27 00:53:24 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Hive Cluster
[2014-02-11 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\library_dir
[2011-10-23 09:35:14 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\LolClient
[2012-05-31 18:57:00 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\LolClient2
[2013-08-19 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\LoLPlus
[2013-09-29 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Mumble
[2013-06-25 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\OBS
[2013-08-20 03:11:50 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Origin
[2013-05-14 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\raidcall
[2014-02-10 02:34:48 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\SpaceEngineers
[2013-06-25 16:48:08 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\SplitMediaLabs
[2014-05-05 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\TeamViewer
[2013-06-25 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Tibia
[2014-05-05 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\TS3Client
[2014-02-06 04:38:51 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\TuneUp Software
[2014-05-05 14:58:55 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\uTorrent
[2013-12-06 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\MARZENA\AppData\Roaming\Wargaming.net
[2013-04-10 23:00:18 | 000,000,000 | -HSD | M] -- C:\Users\MARZENA\AppData\Roaming\wyUpdate AU
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0
< End of report >
[code]OTL Extras logfile created on: 2014-05-05 16:55:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARZENA\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,75 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 56,38% Memory free
7,49 Gb Paging File | 5,73 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,83 Gb Total Space | 37,94 Gb Free Space | 53,57% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 70,67 Gb Free Space | 90,46% Space Free | Partition Type: NTFS
Computer Name: MARZENAU | User Name: MARZENA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1356928267-1520858341-1132277051-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003CD52D-E8A4-4D62-A849-7F0B52634BB6}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{0087E45F-125F-4BE7-8922-DA03A8D00472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18B7F148-24E5-4449-932A-6D855BA48947}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B397121-CE33-4863-B62B-1D3720A133E0}" = lport=138 | protocol=17 | dir=in | app=system |
"{1DD1EF3C-AD41-4071-9106-B177E4DAFB12}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E563BAC-399A-4D3A-95ED-AEDB1B538BB2}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{1F7033A1-40E0-42E2-A790-11245454F7CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2302A91B-D104-4A14-B964-09385EE48277}" = lport=57052 | protocol=6 | dir=in | name=pando media booster |
"{2C9A7297-3089-4058-A3EC-5A6AA4531E6D}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FB95A05-24C2-4D68-A444-166106219AD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34C4B341-A82A-48BB-AEDB-4581DC30C713}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35A9D6E1-B553-499F-A659-FA188370131C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A422A21-C3A8-459E-A6A6-5BC881D3A768}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DE8EC4E-93B7-4675-B90B-47EBF97549B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{442ED4C5-D9D7-4532-B2AB-A466011EFD3B}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{45D01106-7F85-41D0-8B6A-BAC02E19E977}" = rport=138 | protocol=17 | dir=out | app=system |
"{4B19E7C9-40C4-4961-815B-97C4829E9836}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{4D7AC439-2A57-4A55-BCFC-589BA2474750}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{50E274C0-8BCD-438E-97F2-BF99DDE10B66}" = lport=10243 | protocol=6 | dir=in | app=system |
"{51BF3D1C-E3BE-45AE-9934-8D5315715CA4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5F2CE782-A5C6-40CE-A290-15188EB7D3ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{70AD6FAE-055F-4EF2-9635-BDF95ECA3A73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72E53841-1F36-4F2A-9219-5C6F8A493EDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{757399DA-0731-4182-A15E-5C6FA4D6BFC2}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{7946BF39-A923-4C13-B312-3AAFD510DAE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{961D55F7-7615-4CCD-80E7-DE3577581B0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9652528D-6B3F-4F1D-8D0F-226E3D60174D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{988C933F-254E-4DAB-B800-65CEFDCD1AEC}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{9C02745D-0FFF-4085-ACDB-1DB64598DF5F}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E62F9A6-8912-4D14-A8B1-83B33B649B71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2C96711-5DA7-4708-B15E-D1EDB4EC8544}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5542AD6-98C5-4654-9E43-F192CAEAF51D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7EF4DFE-ADA6-4E07-A462-563C8AB659DE}" = lport=57052 | protocol=17 | dir=in | name=pando media booster |
"{ADF044B1-0C62-4A12-A258-F20848238BC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0758FBB-0554-43B2-AA54-2C08AB5DB956}" = lport=57052 | protocol=6 | dir=in | name=pando media booster |
"{BF71FE57-A842-4602-8153-EA34BC3F6BE0}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{CB83948B-8C9D-41E2-A441-054EB3D55D37}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D5D620F5-7DEB-4FD4-890C-DE0C80CFA295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D783C513-6FF5-4649-A7DC-DFAE851FB944}" = lport=139 | protocol=6 | dir=in | app=system |
"{DEC145A2-CC62-4B14-B193-413A95B3A9D0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FBE19AE6-56FC-47C2-AF68-C3453842C53A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF9B5370-63CF-498D-84C0-57D0ABDB9B3F}" = lport=2869 | protocol=6 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7F34CE-2369-480F-999A-164D81A47B34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EB89B5A-BFDA-42AC-B512-ED053A8E9594}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0F12C2F3-98E9-44C9-A424-96EDD1A31B9B}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
"{1301D978-701B-4902-B11C-7A4C41DDC8B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13CCD5A7-425C-417B-8951-63F7B0120C32}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{173EF6DB-2007-4226-B2D3-1957B99C5582}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{17CA247B-D78E-4B21-A30A-9CD21D9DE65D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{1B744FFF-8052-4EE4-B2E7-C9EAFAB0236F}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{1B9A9031-66B3-47E1-BB59-88CFA244C243}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1D53D259-B9C2-4665-8CE1-215CB9530B80}" = protocol=6 | dir=in | app=c:\users\marzena\appdata\roaming\utorrent\utorrent.exe |
"{238C2996-3CB6-42F2-A311-65DD98AB70A9}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |
"{23F55D30-1D78-4CA3-8005-DF39014CD9CF}" = protocol=6 | dir=out | app=system |
"{27F7F6BF-C4BD-4BA9-8B0C-1C5D91390F5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2AFE9AF8-1A54-46A5-875B-A49D5615F76B}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
"{2CFE6F17-8212-40BF-B725-49DE40264B8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DA71198-607D-40EA-AFE0-139A0FD39EE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{392942B9-725E-469D-9476-31500C8A741C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3988CC5D-58F1-4BCF-B7A0-A246937FE359}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3DA32620-BEE8-4401-9486-51D48329967A}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{42432AF5-6167-468C-A392-7594EDB25D60}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{429A7B8E-29AC-45CA-BDB3-2350013992FD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{48B9F085-533E-4C4A-8190-6215A543E9D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4CAEF29C-467E-4C02-B6A5-241047CAEECA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CC93B8A-D50C-468E-82B1-435BD4471302}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4D64EDCA-B74A-4816-87B6-14E58FC30B82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4E3506C9-01A3-4F0B-9A8B-168E0B5B686F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{4EBD1170-B88B-410A-9E9F-30931A6D8DF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F9BB43A-5BF5-4B2B-8256-3A4421C28D69}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{531C36E9-7AFF-431D-B1BC-1E3B664F14C1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{56BEE584-5ECB-476C-A06C-5B781D6F9697}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{57E296FB-CCE7-4F47-8118-9960497FFC51}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{6974B8DA-4B1E-4CB1-AF9E-25F688620397}" = protocol=6 | dir=out | app=system |
"{6B1BBDC4-B849-404F-A303-130F5C484260}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{6C89E8B9-CFD7-47CA-A6F0-C159106BFEB0}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{7517D87D-2558-40BC-89D7-720B34668F22}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{773FDD0A-2617-4AE2-BAE5-7B9E7700D8B1}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{7DED7411-01B3-45B1-89BD-F7AEC17393DE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{81DF4BF5-7995-47D8-875D-767C03F11BB6}" = protocol=6 | dir=out | app=system |
"{8C079071-773E-400F-802B-24C3E1EA5CCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E78B687-8496-4524-9666-145D2BCF52B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8EFA2EF2-3306-44B1-B252-4BE6F67B95BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9DE481CE-CE36-462A-B53C-FCF42283DEC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4C97515-5CBB-42DC-AEF2-21478B6E09C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A90420C3-59E1-4C46-ABDC-0C977EFCCE6C}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{AB0E5842-0DB3-42BB-A5DB-D2EF41598CFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABE48528-5E98-48EC-AA00-3E09C8B5929B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE6FD159-7FE8-4815-86A9-5F1FB55BE37C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B1BD9528-BA43-40A6-B416-9D5D6B803108}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B28AE9AA-D69C-4E74-901F-761F338DE777}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BE041D-D9CB-4501-8E83-3D02766FE38D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B6060940-38D8-43CF-9B6A-B409A62FEC73}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{BD3CD84A-9ABB-4AC7-9727-AC5EF1C51214}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{C180EFD3-EA5D-46EC-8A39-B01D94FF4C99}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C3D91E85-86F9-406B-BDB1-DB715B006A79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C442231E-39BE-4F30-AAFF-A08EDF24E0BF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C4809E2C-CBE6-421C-B81A-3660DAC16CD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9A66361-51D1-4208-9255-8E65E548FD76}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{CFAA6701-BA8B-43D1-B692-5C7B8655A938}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{D3609ABF-DE61-4358-9A96-95EB30697B1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D658EAD6-0E17-4041-94FF-D6F22B73816D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DFD91553-9A7B-4FCD-BFD9-B2BBFF5F68CA}" = protocol=17 | dir=in | app=c:\users\marzena\appdata\roaming\utorrent\utorrent.exe |
"{E2F090D5-F481-4CFE-ACA2-E127C220E107}" = dir=out | app=c:\windows\system32\svchost.exe |
"{E6433799-7BAB-4FED-922D-DB516265D2C6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6681EAC-4D9A-4896-8A39-CFA352E674C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E848DB46-F94E-4412-8C23-C1B2B55E6C36}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{FA4B1B87-4C21-4EB9-8955-A14918C83611}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magicka\magicka.exe |
"{FCF145CB-9A29-455E-BDAA-5628E503DEAB}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"TCP Query User{248E3BB1-5D17-4E7A-BCA1-55C2E469C333}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{81C3B36E-7668-4E09-A79C-54CC90FDCA61}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{8C13FFE7-A137-4B06-82FE-135575DAEA16}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{CB6F7DCA-B895-4C3E-B992-D2FD066AD09C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{71928A0B-FB7A-41F1-A626-48B49C8C9363}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{9D193DCF-6A9E-4C87-8551-57BA383B6180}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BE016CC8-4AF9-4A57-98B9-825AC648A738}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E84DE412-AA89-4E42-AAEE-C5764B75E915}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B5EEB434-D34D-40E1-9BA7-881E956D72E8}" = HP Wireless Assistant
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E2BDBC42-A7F5-BE3C-CAE7-672461BADFBB}" = ccc-utility64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Connectify" = Connectify
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C75F9A-97AD-5248-E32E-DF614E74CB30}" = CCC Help English
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17AAFDC8-0126-8325-99C3-BA94ECC88719}" = CCC Help Chinese Standard
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C7D54A1-3EAF-1FA6-865A-5BD68563978F}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2469F651-772F-53D7-66D6-EC065F786E38}" = CCC Help French
"{26050F54-3928-4D9C-849A-C48A9E831E6F}" = ChomikBox
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E228408-8C07-BF2B-E3BE-6FE3226D0557}" = Catalyst Control Center Graphics Full Existing
"{3418A50C-5B73-420F-A617-B680D778573C}" = CCC Help Greek
"{3CE8DBEF-2A88-F180-F62C-43AA930D6D47}" = CCC Help Korean
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43C189A4-D61F-F7C7-F4BC-C3FE800FF7BB}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{527B2D1F-0129-70C1-3D8E-D7C13994F3D8}" = Catalyst Control Center Graphics Previews Common
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5911C3EB-2E4F-80CC-4A1F-65DD5BFFEA0D}" = CCC Help German
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Obsługa programów Apple
"{639BDAFA-4A48-62A1-E2D9-13A84E9582FE}" = CCC Help Polish
"{6B6A1FFD-AF4B-2348-1854-1BBDD6A4E852}" = CCC Help Chinese Traditional
"{705893E4-960A-E551-4825-B63B7BE8959A}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{74FA0D8F-22A1-42FA-8D43-BF8704EB70EB}" = VMware Workstation
"{766BF6D1-A746-9B26-EC0B-E76DF6D5DE07}" = CCC Help Norwegian
"{783C5B03-DF9C-30B0-BC32-066150B77F19}" = CCC Help Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83853D8B-E9F1-1E35-2F1B-4210D2875A8C}" = CCC Help Spanish
"{845E9545-2A7F-FFCB-D2FA-A292B0137325}" = CCC Help Hungarian
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6E13F3-44FB-A8A6-D9F5-2AF030A47F2C}" = CCC Help Portuguese
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{996FF46F-797F-AFE4-2932-3F391B5BB4A5}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA11D798-A4C3-F2BF-E9C8-584D1AA7C891}" = Catalyst Control Center Graphics Full New
"{AB14AFDF-990F-C0FD-DDDF-6113BD111593}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.4 - Polish
"{AEBFE622-2807-E0D5-E7E2-0D5AA4977B48}" = CCC Help Danish
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{BFC1210F-19B0-A7F0-B027-82AD610DA5B7}" = CCC Help Italian
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{D2D49B64-FBC1-15EE-5734-97BB457F197E}" = Catalyst Control Center Core Implementation
"{D5EA734C-2DEC-76F6-9D98-97D57A6F61CE}" = CCC Help Swedish
"{DB6A09A0-34B0-BFE5-7026-C91829ED879D}" = CCC Help Turkish
"{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse
"{E1600759-7AB3-A146-5ED4-4A50E743D3D3}" = CCC Help Russian
"{E22B38FA-7A08-3CEE-EB31-970C4CF2AA54}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F084204C-5497-4DC2-893E-D31CF5C640E8}" = Gaming Mouse Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
"{F55BB217-BB0F-4A7A-A499-8A0C34D842E2}" = Catalyst Control Center Graphics Light
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FE39FB6F-05FB-4B09-4DE7-6E2BEC08427D}" = CCC Help Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battle.net" = Battle.net
"Entropia Universe" = Entropia Universe
"Google Chrome" = Google Chrome
"GunDog" = Uninstall GunDog_EU
"Hearthstone" = Hearthstone
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"osu!" = osu!
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1356928267-1520858341-1132277051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-12-14 01:50:52 | Computer Name = MARZENAU | Source = Bonjour Service | ID = 100
Description =
Error - 2012-12-14 01:50:52 | Computer Name = MARZENAU | Source = Bonjour Service | ID = 100
Description =
Error - 2012-12-14 06:28:29 | Computer Name = MARZENAU | Source = EventSystem | ID = 4621
Description =
Error - 2012-12-14 18:27:10 | Computer Name = MARZENAU | Source = MsiInstaller | ID = 1013
Description =
Error - 2012-12-14 21:37:48 | Computer Name = MARZENAU | Source = Application Hang | ID = 1002
Description = Program League of Legends.exe w wersji 1.0.0.152 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji. Identyfikator procesu: 1638 Godzina rozpoczęcia: 01cdda64bf5b46e5 Godzina
zakończenia: 11 Ścieżka aplikacji: C:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.203\deploy\League
of Legends.exe Identyfikator raportu: 05e6d2d0-4658-11e2-9e13-c80aa9cfee7b
Error - 2012-12-15 05:02:20 | Computer Name = MARZENAU | Source = EventSystem | ID = 4621
Description =
Error - 2012-12-15 12:21:38 | Computer Name = MARZENAU | Source = Bonjour Service | ID = 100
Description =
Error - 2012-12-15 12:21:45 | Computer Name = MARZENAU | Source = Bonjour Service | ID = 100
Description =
Error - 2012-12-15 12:21:45 | Computer Name = MARZENAU | Source = Bonjour Service | ID = 100
Description =
Error - 2012-12-15 14:36:42 | Computer Name = MARZENAU | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000775c000a
Identyfikator
procesu powodującego błąd: 0x180 Godzina uruchomienia aplikacji powodującej błąd:
0x01cdda306413f91e Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: 5e544eb4-46e6-11e2-9e13-c80aa9cfee7b
[ HP Wireless Assistant Events ]
Error - 2014-04-23 01:28:35 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 2014-04-23 01:28:35 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 2014-04-26 05:37:16 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 2014-04-26 05:37:16 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 2014-05-02 10:24:49 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 2014-05-02 10:24:49 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 2014-05-02 14:57:26 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 2014-05-02 14:57:26 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 2014-05-03 13:22:43 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 2014-05-03 13:22:43 | Computer Name = MARZENAU | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
[ System Events ]
Error - 2014-05-05 10:44:58 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
6. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:45:29 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.
Error - 2014-05-05 10:45:59 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
7. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:47:00 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
8. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:48:01 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
9. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:49:02 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
10. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:50:05 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
11. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:51:07 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
12. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:52:41 | Computer Name = MARZENAU | Source = Service Control Manager | ID = 7031
Description = Usługa Connectify niespodziewanie zakończyła pracę. Wystąpiło to razy:
13. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.
Error - 2014-05-05 10:59:11 | Computer Name = MARZENAU | Source = ipnathlp | ID = 30013
Description =
< End of report >