• Ogłoszenie:

Jak usunąć ad.yieldmanager.com ?

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Jak usunąć ad.yieldmanager.com ?

Postprzez arehiba 22 Lip 2012, 11:47

reklama
Witam, jak usunąć ad.yieldmanager.com? Zawsze przy pierwszym odpaleniu przeglądarki zamula mi kompa i nie chcą się przez 10 sek szybko wczytać strony. Nie wiem co to jest, ale dość często mi wyskakuje.

Log z OTL

Kod: Zaznacz wszystko
OTL logfile created on: 2012-07-22 11:25:12 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Beata\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,80 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 45,32% Memory free
7,60 Gb Paging File | 4,96 Gb Available in Paging File | 65,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,25 Gb Total Space | 252,80 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
Drive D: | 13,22 Gb Total Space | 1,89 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 89,33 Mb Free Space | 90,21% Space Free | Partition Type: FAT32

Computer Name: BEATA-KOMPUTER | User Name: Beata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-22 11:18:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
PRC - [2012-03-27 16:58:08 | 000,692,888 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\BrowserCompanion\tcbhn.exe
PRC - [2011-09-01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2011-06-02 21:49:09 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010-11-20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010-03-18 06:57:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-01-25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009-11-04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-10-13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009-03-19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012-07-10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012-07-10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012-07-10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012-07-10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012-07-10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012-07-10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012-07-10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012-07-10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2012-06-13 19:20:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-06-13 18:14:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012-06-13 18:14:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-06-13 18:14:00 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012-06-11 14:59:34 | 000,097,072 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
MOD - [2012-05-22 21:32:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012-05-22 20:58:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-05-22 20:57:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012-05-22 20:55:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012-05-22 20:55:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012-05-22 20:54:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-05-22 15:02:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-05-22 15:02:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-05-22 15:02:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-03-27 16:58:08 | 000,692,888 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\BrowserCompanion\tcbhn.exe
MOD - [2012-02-09 15:04:36 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-03-04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011-03-04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011-03-04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\zlib1.dll
MOD - [2010-11-13 04:37:37 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-11-05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010-11-05 03:54:55 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010-02-09 18:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010-02-09 18:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010-02-09 18:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010-02-09 18:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010-02-09 18:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010-02-09 18:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010-02-09 18:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010-02-09 18:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-04-24 14:51:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010-03-03 09:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-01-27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:[b]64bit:[/b] - [2010-01-18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:[b]64bit:[/b] - [2009-11-18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-03-19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009-03-19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012-07-12 11:00:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011-09-09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011-09-01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011-05-03 22:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011-04-24 14:51:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 06:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-01-04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009-11-04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009-10-13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-02-05 14:10:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-07-06 06:36:26 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2010-05-27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010-03-09 18:27:52 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-03-03 09:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-03-03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:[b]64bit:[/b] - [2010-03-03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010-03-03 08:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-02-11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010-01-28 19:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-10-13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-09-23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009-09-17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023.sys -- (usb_rndis)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009-03-19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009-03-19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009-03-19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009-03-19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009-09-23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004-12-30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}
IE - HKLM\..\SearchScopes\{5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=fe920d62000000000000c446193787b087b0
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{7794DB86-1852-49CB-A859-C3E6C6800DF9}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541925457364721
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8
FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {2226492f-8d91-100d-43a7-1dfea9174e4e}:4.6.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ip-adress.com/proxy_list"
FF - prefs.js..network.proxy.ftp: "81.17.24.99"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "81.17.24.99"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "201.219.3.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "81.17.24.99"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "81.17.24.99"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Beata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Beata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-17 22:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-24 19:52:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-08-28 15:15:22 | 000,000,000 | ---D | M]

[2011-03-08 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\mozilla\Extensions
[2012-06-25 22:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions
[2012-06-11 14:59:13 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012-06-06 17:19:51 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-02-08 17:06:25 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012-06-11 14:59:10 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\bbrs_002@blabbers.com
[2011-11-05 20:26:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\ffxtlbr@babylon.com
[2011-11-27 11:10:58 | 000,002,207 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\searchplugins\MyStart Search.xml
[2011-03-08 22:22:41 | 000,001,583 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\searchplugins\web-search.xml
[2012-06-25 16:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-06-11 14:59:11 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\mozilla firefox\extensions\{2226492f-8d91-100d-43a7-1dfea9174e4e}
[2011-05-02 22:36:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012-05-24 19:52:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012-06-25 16:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011-10-26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011-03-03 18:38:41 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2011-11-27 11:10:22 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011-03-03 18:38:41 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-12-13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011-03-03 18:38:41 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-03 18:38:41 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2011-03-03 18:38:41 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-03 18:38:41 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.3_0\
CHR - Extension: Gmail = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Beata\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Beata\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (sleekseek) - {9734659a-c01a-c854-a13d-4493fd2feac9} - C:\Windows\SysWOW64\bd80266e.dll ()
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [jeuiwu] C:\Users\Beata\jeuiwu.exe File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [Trial Phishing Sweeper] C:\Program Files (x86)\PhshSwpr\PhshSwpr.exe -min File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [Windows System Devices Manager] c:\users\public\csrss.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Beata\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03597800-28D6-4DF8-B914-97BA60E63C4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EDEC78-E0D3-4217-BF21-60D468C84A13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799FC969-7BD5-440E-9932-1A4919BE9788}: DhcpNameServer = 192.168.2.2
O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ec51e87-3121-11e0-a009-90fba6aa3b8b}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec51e87-3121-11e0-a009-90fba6aa3b8b}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{cd5d656a-c74f-11e0-b00d-c446193787b0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5d656a-c74f-11e0-b00d-c446193787b0}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\winopen.exe iexplore.exe -k $EXEDIR$\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-07-22 11:18:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
[2012-07-21 11:36:35 | 000,000,000 | ---D | C] -- C:\Users\Beata\Documents\Prototype 2 Keygen
[2012-07-20 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\Temporary Projects
[2012-07-15 12:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\MailShare
[2012-07-13 21:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH
[2012-07-13 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\GRETECH
[2012-07-13 21:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012-07-13 21:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012-07-10 21:14:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012-07-10 21:14:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012-07-10 21:13:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012-07-10 21:13:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012-07-10 21:13:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012-07-10 21:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012-07-10 21:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012-07-10 21:01:14 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys
[2012-07-10 21:01:12 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys
[2012-06-25 16:10:53 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012-06-25 16:10:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012-06-25 16:10:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012-06-25 16:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-06-25 10:32:57 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\Macromedia
[2012-06-24 15:02:54 | 000,769,496 | ---- | C] (DialCom24) -- C:\Users\Beata\Documents\bankbrowser_3_6.exe
[2012-06-23 22:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012-06-23 22:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worms Reloaded
[2012-06-22 06:25:59 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-22 06:25:59 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-22 06:25:59 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-22 06:25:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-22 06:25:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-22 06:25:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-22 06:25:27 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-22 06:25:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-06-17 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\TechSmith
[2012-06-17 17:08:38 | 000,000,000 | ---D | C] -- C:\Users\Beata\Documents\Camtasia Studio
[2012-06-17 17:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012-06-17 17:00:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012-06-17 17:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012-06-17 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012-06-17 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012-06-17 17:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012-06-14 05:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012-06-13 16:43:22 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-06-13 16:43:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-06-13 16:42:57 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-06-13 16:42:52 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-06-13 16:42:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-06-13 16:42:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-06-13 16:42:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-06-13 16:42:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-06-13 16:42:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-06-13 16:42:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-06-13 16:42:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-06-13 16:42:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-06-13 16:42:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-06-13 16:41:54 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-06-13 16:41:52 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-06-13 16:41:44 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012-06-13 16:41:34 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012-06-13 16:41:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012-06-11 14:59:11 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\Complitly
[2012-06-11 14:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Complitly
[2012-06-11 14:59:09 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\BrowserCompanion
[2012-06-11 14:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion
[2012-06-11 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\ZalmanInstaller_otshot
[2012-06-10 22:44:03 | 000,000,000 | ---D | C] -- C:\8226f9c8288ca577f71f36
[2012-06-10 21:21:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-06-10 21:20:26 | 000,000,000 | ---D | C] -- C:\da4b70dcb7699806ba1b70
[2012-06-10 19:06:22 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avalon
[2012-06-10 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avalon
[2012-06-10 19:06:19 | 000,000,000 | ---D | C] -- C:\Avalon
[2012-06-10 17:26:22 | 000,000,000 | ---D | C] -- C:\Users\Beata\Desktop\jazz
[2012-06-06 17:19:52 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\CRE
[2012-06-05 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012-06-03 07:44:31 | 000,000,000 | ---D | C] -- C:\Users\Beata\Desktop\zdj do haiku
[2012-06-02 10:20:14 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\SKIDROW
[2012-06-02 10:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012-06-01 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Beata\Documents\Visual Studio 2010
[2012-05-31 22:35:38 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012-05-31 22:35:38 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012-05-31 22:35:30 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012-05-31 22:35:30 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012-05-31 22:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2012-05-31 22:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012-05-31 22:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012-05-31 22:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012-05-31 22:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012-05-31 22:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012-05-31 22:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012-05-31 22:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012-05-31 22:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012-05-31 22:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012-05-31 22:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012-05-31 22:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012-05-31 22:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012-05-31 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012-05-31 22:24:58 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012-05-31 22:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012-05-31 22:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012-05-31 22:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012-05-27 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\Western Digital
[2012-05-24 19:52:29 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012-05-24 19:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-05-23 15:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passware
[2 C:\Users\Beata\AppData\Local\*.tmp files -> C:\Users\Beata\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-07-22 11:18:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
[2012-07-22 11:00:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-22 10:59:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-22 10:58:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756977198-2539240120-1013761767-1000UA.job
[2012-07-22 10:56:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-22 10:56:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-22 10:47:48 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-22 10:47:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-22 10:47:33 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-22 09:58:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756977198-2539240120-1013761767-1000Core.job
[2012-07-21 19:00:13 | 000,090,594 | ---- | M] () -- C:\Users\Beata\Documents\ht_james_holmes_shooter_nt_120720_wg.jpg
[2012-07-21 14:13:56 | 000,589,644 | ---- | M] () -- C:\Users\Beata\Documents\poradnik.pdf
[2012-07-21 11:30:22 | 000,380,201 | ---- | M] () -- C:\Users\Beata\Documents\prototype 2 keygen crack hack.png
[2012-07-20 21:07:13 | 001,878,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-20 21:07:13 | 000,813,974 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-07-20 21:07:13 | 000,727,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-20 21:07:13 | 000,185,624 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-07-20 21:07:13 | 000,150,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-20 20:03:26 | 000,049,131 | ---- | M] () -- C:\Users\Beata\Documents\DOTA_2_3rd_February_2012.jpg
[2012-07-20 20:03:01 | 000,098,348 | ---- | M] () -- C:\Users\Beata\Documents\Dota-2-Beta-Key-Generator.png
[2012-07-20 19:59:32 | 000,015,806 | ---- | M] () -- C:\Users\Beata\Documents\steam key generator.jpg
[2012-07-20 19:55:48 | 000,068,909 | ---- | M] () -- C:\Users\Beata\Documents\paysafecard_logo.jpg
[2012-07-20 19:55:33 | 000,048,549 | ---- | M] () -- C:\Users\Beata\Documents\paysafecard code generator 2012.jpg
[2012-07-20 19:53:01 | 000,072,826 | ---- | M] () -- C:\Users\Beata\Documents\hidden_chronicles-cheats.png
[2012-07-20 19:29:39 | 000,094,608 | ---- | M] () -- C:\Users\Beata\Documents\jailbreak.jpg
[2012-07-20 19:28:33 | 000,162,129 | ---- | M] () -- C:\Users\Beata\Documents\bouble safari hack.png
[2012-07-20 19:28:15 | 000,095,695 | ---- | M] () -- C:\Users\Beata\Documents\Bubble-Safari-Trainer-Download.png
[2012-07-20 19:27:03 | 000,058,618 | ---- | M] () -- C:\Users\Beata\Documents\candy.jpg
[2012-07-20 19:26:36 | 000,648,619 | ---- | M] () -- C:\Users\Beata\Documents\armies of magic hack.png
[2012-07-20 19:26:07 | 000,204,238 | ---- | M] () -- C:\Users\Beata\Documents\Armies of Magic hack.jpg
[2012-07-20 19:26:00 | 000,216,333 | ---- | M] () -- C:\Users\Beata\Documents\Candy-Crush-Saga-Trainer-download.png
[2012-07-18 17:33:48 | 034,307,341 | ---- | M] () -- C:\Users\Beata\Documents\Path of Exile BETA KEY GIVEAWAY.mp4
[2012-07-18 15:24:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBeata.job
[2012-07-15 12:17:45 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\MailShare.lnk
[2012-07-14 21:38:03 | 000,355,556 | ---- | M] () -- C:\Users\Beata\Documents\zaczepki.png
[2012-07-13 21:10:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012-07-12 11:00:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-12 11:00:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-07-12 10:54:11 | 000,002,407 | ---- | M] () -- C:\Users\Beata\Desktop\Google Chrome.lnk
[2012-07-11 11:37:46 | 003,042,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-02 22:09:48 | 001,236,992 | ---- | M] () -- C:\Users\Beata\Desktop\odstraszacz.komarow_pcworld_downloader_11295_pc.exe
[2012-06-30 14:06:56 | 000,346,227 | ---- | M] () -- C:\Users\Beata\Documents\pas burz.png
[2012-06-27 14:48:54 | 000,005,632 | ---- | M] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-26 12:56:40 | 000,028,672 | -H-- | M] () -- C:\Users\Beata\Documents\photothumb.db
[2012-06-24 15:02:50 | 000,769,496 | ---- | M] (DialCom24) -- C:\Users\Beata\Documents\bankbrowser_3_6.exe
[2012-06-24 13:13:25 | 000,001,346 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
[2012-06-23 22:34:05 | 000,001,545 | ---- | M] () -- C:\Users\Beata\Desktop\WormsReloaded — skrót.lnk
[2012-06-23 22:31:01 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded
[2012-06-23 11:54:42 | 388,328,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-06-21 17:05:35 | 000,164,035 | ---- | M] () -- C:\Users\Beata\Documents\p_universal.png
[2012-06-21 17:04:34 | 000,162,304 | ---- | M] () -- C:\Users\Beata\Documents\p_yellow.png
[2012-06-21 17:03:51 | 000,153,129 | ---- | M] () -- C:\Users\Beata\Documents\p_red.png
[2012-06-21 17:03:22 | 000,155,075 | ---- | M] () -- C:\Users\Beata\Documents\p_blue.png
[2012-06-21 17:02:18 | 000,154,133 | ---- | M] () -- C:\Users\Beata\Documents\p_violet.png
[2012-06-19 18:21:36 | 000,002,260 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2012-06-17 17:00:53 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012-06-14 23:05:04 | 000,000,000 | -H-- | M] () -- C:\Users\Beata\Documents\Default.rdp
[2012-06-11 14:59:11 | 000,075,112 | ---- | M] () -- C:\Windows\SysWow64\572447c5.exe
[2012-06-11 14:59:10 | 000,002,044 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
[2012-06-11 14:59:09 | 001,903,104 | ---- | M] () -- C:\Windows\SysWow64\bd80266e.dll
[2012-06-10 19:06:23 | 000,000,667 | ---- | M] () -- C:\Users\Beata\Desktop\Jazz Creation Station.lnk
[2012-06-10 19:06:22 | 000,000,679 | ---- | M] () -- C:\Users\Beata\Desktop\Jazz Jackrabbit 2 Secret Files.lnk
[2012-06-06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012-06-06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012-06-03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-06-02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012-06-01 11:25:28 | 001,167,959 | ---- | M] () -- C:\Users\Beata\Documents\texture-6.jpg
[2012-06-01 10:19:33 | 000,207,427 | ---- | M] () -- C:\Users\Beata\AppData\Local\debuggee.mdmp
[2012-05-28 21:37:34 | 000,181,081 | ---- | M] () -- C:\Users\Beata\Documents\zgloszenie.pdf
[2 C:\Users\Beata\AppData\Local\*.tmp files -> C:\Users\Beata\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-21 19:00:16 | 000,090,594 | ---- | C] () -- C:\Users\Beata\Documents\ht_james_holmes_shooter_nt_120720_wg.jpg
[2012-07-21 14:13:59 | 000,589,644 | ---- | C] () -- C:\Users\Beata\Documents\poradnik.pdf
[2012-07-21 11:27:18 | 000,380,201 | ---- | C] () -- C:\Users\Beata\Documents\prototype 2 keygen crack hack.png
[2012-07-20 20:03:29 | 000,049,131 | ---- | C] () -- C:\Users\Beata\Documents\DOTA_2_3rd_February_2012.jpg
[2012-07-20 20:03:02 | 000,098,348 | ---- | C] () -- C:\Users\Beata\Documents\Dota-2-Beta-Key-Generator.png
[2012-07-20 19:59:36 | 000,015,806 | ---- | C] () -- C:\Users\Beata\Documents\steam key generator.jpg
[2012-07-20 19:55:49 | 000,068,909 | ---- | C] () -- C:\Users\Beata\Documents\paysafecard_logo.jpg
[2012-07-20 19:55:35 | 000,048,549 | ---- | C] () -- C:\Users\Beata\Documents\paysafecard code generator 2012.jpg
[2012-07-20 19:53:03 | 000,072,826 | ---- | C] () -- C:\Users\Beata\Documents\hidden_chronicles-cheats.png
[2012-07-20 19:29:41 | 000,094,608 | ---- | C] () -- C:\Users\Beata\Documents\jailbreak.jpg
[2012-07-20 19:28:39 | 000,162,129 | ---- | C] () -- C:\Users\Beata\Documents\bouble safari hack.png
[2012-07-20 19:28:17 | 000,095,695 | ---- | C] () -- C:\Users\Beata\Documents\Bubble-Safari-Trainer-Download.png
[2012-07-20 19:27:06 | 000,058,618 | ---- | C] () -- C:\Users\Beata\Documents\candy.jpg
[2012-07-20 19:26:46 | 000,648,619 | ---- | C] () -- C:\Users\Beata\Documents\armies of magic hack.png
[2012-07-20 19:26:08 | 000,204,238 | ---- | C] () -- C:\Users\Beata\Documents\Armies of Magic hack.jpg
[2012-07-20 19:26:03 | 000,216,333 | ---- | C] () -- C:\Users\Beata\Documents\Candy-Crush-Saga-Trainer-download.png
[2012-07-18 17:32:56 | 034,307,341 | ---- | C] () -- C:\Users\Beata\Documents\Path of Exile BETA KEY GIVEAWAY.mp4
[2012-07-15 12:17:45 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MailShare.lnk
[2012-07-15 12:17:43 | 000,206,848 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012-07-14 21:34:53 | 000,355,556 | ---- | C] () -- C:\Users\Beata\Documents\zaczepki.png
[2012-07-13 21:10:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012-07-02 22:09:54 | 001,236,992 | ---- | C] () -- C:\Users\Beata\Desktop\odstraszacz.komarow_pcworld_downloader_11295_pc.exe
[2012-06-30 14:06:56 | 000,346,227 | ---- | C] () -- C:\Users\Beata\Documents\pas burz.png
[2012-06-24 13:13:25 | 000,001,346 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
[2012-06-23 22:34:05 | 000,001,545 | ---- | C] () -- C:\Users\Beata\Desktop\WormsReloaded — skrót.lnk
[2012-06-23 22:31:01 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded
[2012-06-23 22:31:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded
[2012-06-21 17:05:32 | 000,164,035 | ---- | C] () -- C:\Users\Beata\Documents\p_universal.png
[2012-06-21 16:52:32 | 000,162,304 | ---- | C] () -- C:\Users\Beata\Documents\p_yellow.png
[2012-06-21 16:39:41 | 000,154,133 | ---- | C] () -- C:\Users\Beata\Documents\p_violet.png
[2012-06-21 16:38:28 | 000,155,075 | ---- | C] () -- C:\Users\Beata\Documents\p_blue.png
[2012-06-21 16:37:45 | 000,153,129 | ---- | C] () -- C:\Users\Beata\Documents\p_red.png
[2012-06-19 18:21:36 | 000,002,260 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2012-06-17 17:00:53 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012-06-14 23:05:04 | 000,000,000 | -H-- | C] () -- C:\Users\Beata\Documents\Default.rdp
[2012-06-11 14:59:11 | 000,075,112 | ---- | C] () -- C:\Windows\SysWow64\572447c5.exe
[2012-06-11 14:59:09 | 001,903,104 | ---- | C] () -- C:\Windows\SysWow64\bd80266e.dll
[2012-06-11 14:59:09 | 000,002,044 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
[2012-06-10 19:06:23 | 000,000,667 | ---- | C] () -- C:\Users\Beata\Desktop\Jazz Creation Station.lnk
[2012-06-10 19:06:22 | 000,000,679 | ---- | C] () -- C:\Users\Beata\Desktop\Jazz Jackrabbit 2 Secret Files.lnk
[2012-06-01 11:25:31 | 001,167,959 | ---- | C] () -- C:\Users\Beata\Documents\texture-6.jpg
[2012-06-01 10:19:32 | 000,207,427 | ---- | C] () -- C:\Users\Beata\AppData\Local\debuggee.mdmp
[2012-05-28 21:37:38 | 000,181,081 | ---- | C] () -- C:\Users\Beata\Documents\zgloszenie.pdf
[2012-05-14 22:52:32 | 000,000,872 | ---- | C] () -- C:\Users\Beata\AppData\Local\recently-used.xbel
[2012-04-17 09:23:37 | 000,000,136 | ---- | C] () -- C:\ProgramData\{0B53357A-EB45-7BE6-A4CE-C75F-D36F0977}.ini
[2012-03-01 20:55:07 | 000,000,000 | ---- | C] () -- C:\Users\Beata\ping
[2012-01-28 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{52FDD5F0-778E-4542-A7C0-9BCF44FD5168}
[2011-11-14 22:44:08 | 000,007,597 | ---- | C] () -- C:\Users\Beata\AppData\Local\Resmon.ResmonCfg
[2011-11-12 18:54:59 | 000,002,048 | -HS- | C] () -- C:\Users\Beata\AppData\Local\3c3dd928\@
[2011-09-08 16:19:42 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{85456CFC-4549-453F-91E5-66349CCFD149}
[2011-09-08 13:49:53 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{2AE2B49C-14AF-4609-83A6-BF0B3BA85614}
[2011-08-29 10:52:25 | 000,001,854 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\GhostObjGAFix.xml
[2011-08-16 00:34:49 | 000,000,546 | ---- | C] () -- C:\Windows\eReg.dat
[2011-07-18 16:45:33 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011-07-18 16:10:21 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini
[2011-07-11 18:43:27 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{E526C5A8-900A-4A7E-BD64-A0A087DAA4D5}
[2011-07-03 21:35:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-07-03 21:35:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-07-03 21:35:23 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011-07-03 21:35:23 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-07-03 21:35:23 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-07-03 21:35:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-07-03 21:35:22 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-06-29 23:47:11 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{A38E3861-2465-4CC5-BC3F-F6C5EDF80FD2}
[2011-03-06 17:48:31 | 000,000,093 | ---- | C] () -- C:\Users\Beata\AppData\Local\fusioncache.dat
[2011-03-06 17:44:59 | 001,667,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-02-04 20:33:36 | 000,005,632 | ---- | C] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-05 21:13:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-11-05 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Babylon
[2012-07-22 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\BrowserCompanion
[2011-09-28 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Canon
[2012-06-11 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Complitly
[2011-08-15 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\DAEMON Tools Lite
[2012-01-29 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Dev-Cpp
[2011-08-28 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ESET
[2012-07-19 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Gadu-Gadu 10
[2012-01-29 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\GetRightToGo
[2011-08-11 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\GHISLER
[2012-07-06 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ipla
[2010-12-06 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Leadertech
[2012-05-20 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\muzo
[2011-03-06 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Nokia
[2011-11-29 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\OpenCandy
[2011-01-14 19:00:12 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\OpenFM
[2011-04-13 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Opera
[2011-11-19 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\OxyForensic
[2011-03-06 18:07:18 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\PC Suite
[2011-08-23 10:15:45 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\PhotoScape
[2012-01-26 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Rovio
[2011-11-27 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\SumatraPDF
[2012-02-18 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\TeamViewer
[2010-12-11 23:56:05 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Tific
[2012-06-14 12:52:07 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\uTorrent
[2010-12-09 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\WildTangent
[2012-06-11 15:20:11 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ZalmanInstaller_otshot
[2011-06-06 07:38:59 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\_MDLogs
[2012-07-17 10:23:41 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 872 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded: Game of the Year Edition.lnk
@Alternate Data Stream - 860 bytes -> C:\Users\Public\Desktop\Worms Reloaded: Game of the Year Edition.lnk

< End of report >
arehiba
~user
 
Posty: 45
Dołączenie: 22 Lip 2012, 11:15



Jak usunąć ad.yieldmanager.com ?

Postprzez wojtas 22 Lip 2012, 14:36

brakuje drugiego loga z OTL ( extras)

odinstaluj w dodaj usuń : uTorrentControl2 Community Toolbar, IncrediMail MediaBar 2 Community Toolbar, Babylon Toolbar, Complitly, BrowserCompanion

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=fe920d62000000000000c446193787b087b0
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541925457364721
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2012-06-06 17:19:51 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-02-08 17:06:25 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011-11-05 20:26:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions\ffxtlbr@babylon.com
[2011-11-27 11:10:58 | 000,002,207 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\searchplugins\MyStart Search.xml
[2011-03-08 22:22:41 | 000,001,583 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\searchplugins\web-search.xml
[2012-06-11 14:59:11 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\mozilla firefox\extensions\{2226492f-8d91-100d-43a7-1dfea9174e4e}
[2011-11-27 11:10:22 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010-12-13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (sleekseek) - {9734659a-c01a-c854-a13d-4493fd2feac9} - C:\Windows\SysWOW64\bd80266e.dll ()
O3 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [jeuiwu] C:\Users\Beata\jeuiwu.exe File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [Trial Phishing Sweeper] C:\Program Files (x86)\PhshSwpr\PhshSwpr.exe -min File not found
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [Windows System Devices Manager] c:\users\public\csrss.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Beata\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
[2012-06-11 14:59:10 | 000,002,044 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
[2012-06-11 14:59:11 | 000,075,112 | ---- | M] () -- C:\Windows\SysWow64\572447c5.exe
[2011-08-29 10:52:25 | 000,001,854 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\GhostObjGAFix.xml

:Files
C:\Users\Beata\AppData\Roaming\BrowserCompanion
C:\Users\Beata\AppData\Local\3c3dd928

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

Autor postu otrzymał pochwałę
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656



Jak usunąć ad.yieldmanager.com ?

Postprzez arehiba 22 Lip 2012, 15:54

Wszystko ok?


Kod: Zaznacz wszystko
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 15:33:32
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Beata - BEATA-KOMPUTER
# Running from : C:\Users\Beata\Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Beata\AppData\Local\Conduit
Folder Deleted : C:\Users\Beata\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Beata\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Beata\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Beata\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Beata\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\Conduit
Folder Deleted : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\ConduitCommon
Folder Deleted : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\extensions\bbrs_002@blabbers.com

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (pl)

Profile name : default
File : C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\ylzikla3.default\prefs.js

Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Deleted : user_pref("CT2724386.CTID", "ct2724386");
Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Sun Dec 04 2011 15:27:32 GMT+0100");
Deleted : user_pref("CT2724386.CommunityChanged", true);
Deleted : user_pref("CT2724386.CurrentServerDate", "4-12-2011");
Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724386.DownloadReferralCookieData", "");
Deleted : user_pref("CT2724386.FirstServerDate", "27-11-2011");
Deleted : user_pref("CT2724386.FirstTime", true);
Deleted : user_pref("CT2724386.FirstTimeFF3", true);
Deleted : user_pref("CT2724386.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2724386.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Sun Dec 04 2011 10:06:03 GMT+0100");
Deleted : user_pref("CT2724386.GroupingLastErrorCode", "");
Deleted : user_pref("CT2724386.GroupingLastResponse", true);
Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129664574552630000");
Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2724386.Initialize", true);
Deleted : user_pref("CT2724386.InitializeCommonPrefs", true);
Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2724386.InstalledDate", "Sun Nov 27 2011 19:47:31 GMT+0100");
Deleted : user_pref("CT2724386.InvalidateCache", false);
Deleted : user_pref("CT2724386.IsGrouping", true);
Deleted : user_pref("CT2724386.IsMulticommunity", false);
Deleted : user_pref("CT2724386.IsOpenThankYouPage", false);
Deleted : user_pref("CT2724386.IsOpenUninstallPage", true);
Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sun Nov 27 2011 19:47:33 GMT+0100");
Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2724386.LastLogin_2.7.2.0", "Sun Dec 04 2011 15:27:32 GMT+0100");
Deleted : user_pref("CT2724386.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT2724386.Locale", "en");
Deleted : user_pref("CT2724386.LoginCache", 4);
Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2724386.RadioIsPodcast", false);
Deleted : user_pref("CT2724386.RadioLastCheckTime", "Sun Nov 27 2011 19:47:31 GMT+0100");
Deleted : user_pref("CT2724386.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2724386.RadioMediaID", "21080102");
Deleted : user_pref("CT2724386.RadioMediaType", "Media Player");
Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
Deleted : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
Deleted : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000");
Deleted : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sun Nov 27 2011 19:47:32 GMT+0100");
Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2724386.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Sun Nov 27 2011 19:47:30 GMT+0100");
Deleted : user_pref("CT2724386.SettingsLastUpdate", "1321973055");
Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Sun Nov 27 2011 19:47:30 GMT+0100");
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2724386.UserID", "UN79907114773831447");
Deleted : user_pref("CT2724386.WeatherNetwork", "");
Deleted : user_pref("CT2724386.WeatherPollDate", "Sun Dec 04 2011 15:27:33 GMT+0100");
Deleted : user_pref("CT2724386.WeatherUnit", "C");
Deleted : user_pref("CT2724386.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api16_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api25_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api26_thetrafficstat_net.pid2", "363539346336653163363532[...]
Deleted : user_pref("CT2724386.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "3635393463366531633635326[...]
Deleted : user_pref("CT2724386.clientLogIsEnabled", true);
Deleted : user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2724386.ct2724386.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724386.ct2724386.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2724386.ct2724386.GroupingInvalidateCache", false);
Deleted : user_pref("CT2724386.ct2724386.GroupingLastCheckTime", "Sun Dec 04 2011 10:06:03 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.GroupingLastErrorCode", "");
Deleted : user_pref("CT2724386.ct2724386.GroupingLastResponse", true);
Deleted : user_pref("CT2724386.ct2724386.GroupingLastServerUpdateTime", "129664574552630000");
Deleted : user_pref("CT2724386.ct2724386.InvalidateCache", false);
Deleted : user_pref("CT2724386.ct2724386.LanguagePackLastCheckTime", "Sun Dec 04 2011 10:06:56 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.Locale", "en");
Deleted : user_pref("CT2724386.ct2724386.RadioLastCheckTime", "Sun Dec 04 2011 10:06:04 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2724386.ct2724386.RadioLastUpdateServer", "129249036863500000");
Deleted : user_pref("CT2724386.ct2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2724386.ct2724386.SearchInNewTabLastCheckTime", "Sun Dec 04 2011 10:06:03 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2724386.ct2724386.SettingsLastCheckTime", "Sun Dec 04 2011 15:27:32 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.SettingsLastUpdate", "1321973055");
Deleted : user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastCheck", "Sun Nov 27 2011 19:47:31 GMT+0100");
Deleted : user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2724386.myStuffEnabled", true);
Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Wed Jul 11 2012 18:35:56 GMT+0200");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "25-6-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Wed Jul 11 2012 18:35:35 GMT+0200");
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "9-6-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.babylon.com/?babsrc=HP_Prot");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fftF384.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Sat Jun 09 2012 16:31:43 GMT+0200");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Wed Jul 11 2012 18:35:14 GMT+0200");
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Wed Jul 11 2012 18:35:35 GMT+0200");
Deleted : user_pref("CT3072253.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Jul 11 2012 18:34:53 GMT+0200");
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Wed Jul 11 2012 18:35:14 GMT+0200");
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Wed Jul 11 2012 18:34:53 GMT+0200");
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1339665152");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Jul 11 2012 18:34:53 GMT+0200");
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN27279333475859983");
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "504C");
Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4348");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "536174204A756E20303920323031322031363A33313A35322[...]
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E726564747562652E636F6D2[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Wed Jul 11 2012 18:35:35 GMT+0200");
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Wed Jul 11 2012 18:35:35 GMT+0200");
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Wed Jul 11 2012 18:35:35 GMT+0200");
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Beata\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/mb68/?loc[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2724386,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Dec 04 2011 10:06:04 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "a79e2795-f246-4900-86bb-a120413a921a");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 11 2012 18:35:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 11 2012 18:34:54 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "74ba29db-8af5-4d59-a500-adaac6430733");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 23);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "fe920d62000000000000c446193787b0");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15283");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 23);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1019:26:09");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 68514674);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1019:26:09");
Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false);
Deleted : user_pref("vshare.install.date", "1299542400000");
Deleted : user_pref("vshare.install.dumpFileCount", 0);
Deleted : user_pref("vshare.install.dumpFileDisabled", false);
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{0df010e6-50b1-4d6b-a2b8-ab91d67e9604}");
Deleted : user_pref("vshare.install.istoolbarhp", true);
Deleted : user_pref("vshare.install.istoolbarsearch", true);
Deleted : user_pref("vshare.install.laststatreq", "1303344000000");
Deleted : user_pref("vshare.install.newtab", true);
Deleted : user_pref("vshare.install.overlayVersion", 1);
Deleted : user_pref("vshare.install.userHPSettings", "");
Deleted : user_pref("vshare.install.userSPSettings", "");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Beata\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                "description": "Blocks domains/hosts from appearing in your Google search results.",
Deleted :                "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT307225[...]
Deleted :          "name": "Winamp Application Detector",
Deleted :          "name": "Winamp Application Detector"

-\\ Opera v11.64.1403.0

File : C:\Users\Beata\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [276 octets] - [22/07/2012 15:32:54]
AdwCleaner[R1].txt - [30682 octets] - [22/07/2012 15:33:03]
AdwCleaner[S2].txt - [28677 octets] - [22/07/2012 15:33:32]

########## EOF - C:\AdwCleaner[S2].txt - [28806 octets] ##########


Kod: Zaznacz wszystko
OTL logfile created on: 2012-07-22 15:37:22 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Beata\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,80 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 51,55% Memory free
7,60 Gb Paging File | 5,36 Gb Available in Paging File | 70,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,25 Gb Total Space | 269,41 Gb Free Space | 59,57% Space Free | Partition Type: NTFS
Drive D: | 13,22 Gb Total Space | 1,89 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 89,33 Mb Free Space | 90,21% Space Free | Partition Type: FAT32

Computer Name: BEATA-KOMPUTER | User Name: Beata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-22 15:22:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
PRC - [2011-09-01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-06-02 21:49:09 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010-03-18 06:57:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-01-25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009-11-04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-10-13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009-03-19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012-07-10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012-07-10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012-07-10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012-07-10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012-07-10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012-07-10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012-06-13 19:20:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-06-13 18:14:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012-06-13 18:14:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-06-13 18:14:00 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012-05-22 21:32:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012-05-22 20:58:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-05-22 20:57:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012-05-22 20:55:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012-05-22 20:55:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012-05-22 20:54:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-05-22 15:02:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-05-22 15:02:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-05-22 15:02:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-02-09 15:04:36 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011-03-04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011-03-04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011-03-04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010-11-13 04:37:37 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-11-05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010-11-05 03:54:55 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010-02-09 18:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010-02-09 18:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010-02-09 18:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010-02-09 18:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010-02-09 18:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010-02-09 18:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010-02-09 18:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010-02-09 18:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-04-24 14:51:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010-03-03 09:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-01-27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:[b]64bit:[/b] - [2010-01-18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:[b]64bit:[/b] - [2009-11-18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-03-19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009-03-19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012-07-12 11:00:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011-09-09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011-09-01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011-05-03 22:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011-04-24 14:51:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 06:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-01-04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009-11-04 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009-10-13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-02-05 14:10:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-07-06 06:36:26 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2010-05-27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010-03-09 18:27:52 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-03-03 09:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-03-03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:[b]64bit:[/b] - [2010-03-03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010-03-03 08:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-02-11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010-01-28 19:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-10-13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-09-23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009-09-17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023.sys -- (usb_rndis)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009-03-19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009-03-19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009-03-19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009-03-19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009-09-23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004-12-30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}
IE - HKLM\..\SearchScopes\{5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{5D0B7C8F-DAC8-469A-8411-3AB1D4F7079B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\..\SearchScopes\{7794DB86-1852-49CB-A859-C3E6C6800DF9}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8
FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {2226492f-8d91-100d-43a7-1dfea9174e4e}:4.6.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ip-adress.com/proxy_list"
FF - prefs.js..network.proxy.ftp: "81.17.24.99"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "81.17.24.99"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "201.219.3.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "81.17.24.99"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "81.17.24.99"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Beata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Beata\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-17 22:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-24 19:52:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-08-28 15:15:22 | 000,000,000 | ---D | M]

[2011-03-08 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\mozilla\Extensions
[2012-07-22 15:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beata\AppData\Roaming\mozilla\Firefox\Profiles\ylzikla3.default\extensions
[2012-06-25 16:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-05-02 22:36:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012-05-24 19:52:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012-06-25 16:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{2226492F-8D91-100D-43A7-1DFEA9174E4E}
File not found (No name found) -- C:\USERS\BEATA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLZIKLA3.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
File not found (No name found) -- C:\USERS\BEATA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLZIKLA3.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\BEATA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLZIKLA3.DEFAULT\EXTENSIONS\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
File not found (No name found) -- C:\USERS\BEATA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YLZIKLA3.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
[2011-10-26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011-03-03 18:38:41 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2011-03-03 18:38:41 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2011-03-03 18:38:41 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-03 18:38:41 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2011-03-03 18:38:41 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-03 18:38:41 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beata\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Beata\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03597800-28D6-4DF8-B914-97BA60E63C4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EDEC78-E0D3-4217-BF21-60D468C84A13}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799FC969-7BD5-440E-9932-1A4919BE9788}: DhcpNameServer = 192.168.2.2
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ec51e87-3121-11e0-a009-90fba6aa3b8b}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec51e87-3121-11e0-a009-90fba6aa3b8b}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{cd5d656a-c74f-11e0-b00d-c446193787b0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5d656a-c74f-11e0-b00d-c446193787b0}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\winopen.exe iexplore.exe -k $EXEDIR$\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-07-22 15:23:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-22 15:22:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
[2012-07-10 21:14:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012-07-10 21:14:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012-07-10 21:13:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012-07-10 21:13:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012-07-10 21:13:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012-07-10 21:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012-07-10 21:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012-07-10 21:01:14 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys
[2012-07-10 21:01:12 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys
[2012-06-25 16:10:53 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012-06-25 16:10:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012-06-25 16:10:53 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012-06-25 16:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-06-25 10:32:57 | 000,000,000 | ---D | C] -- C:\Users\Beata\AppData\Local\Macromedia
[2012-06-24 15:02:54 | 000,769,496 | ---- | C] (DialCom24) -- C:\Users\Beata\Documents\bankbrowser_3_6.exe
[2012-06-23 22:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012-06-23 22:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worms Reloaded
[2 C:\Users\Beata\AppData\Local\*.tmp files -> C:\Users\Beata\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-07-22 15:42:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-22 15:42:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-22 15:34:39 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-22 15:34:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-22 15:34:22 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-22 15:32:40 | 000,632,049 | ---- | M] () -- C:\Users\Beata\Documents\adwcleaner.exe
[2012-07-22 15:22:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Beata\Documents\OTL.exe
[2012-07-22 15:00:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-22 14:59:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-22 14:58:12 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756977198-2539240120-1013761767-1000UA.job
[2012-07-22 14:19:08 | 000,016,976 | ---- | M] () -- C:\Users\Beata\Documents\01_amazon-dot-com.jpg
[2012-07-22 14:12:12 | 000,393,311 | ---- | M] () -- C:\Users\Beata\Documents\itunes-free-gift-code-generator-crack-itune-codes-working-legit-download-latest-2012-hack.jpg
[2012-07-22 12:33:08 | 000,150,659 | ---- | M] () -- C:\Users\Beata\Documents\ps-cs-6-key1.png
[2012-07-22 09:58:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3756977198-2539240120-1013761767-1000Core.job
[2012-07-21 19:00:13 | 000,090,594 | ---- | M] () -- C:\Users\Beata\Documents\ht_james_holmes_shooter_nt_120720_wg.jpg
[2012-07-21 14:13:56 | 000,589,644 | ---- | M] () -- C:\Users\Beata\Documents\poradnik.pdf
[2012-07-21 11:30:22 | 000,380,201 | ---- | M] () -- C:\Users\Beata\Documents\prototype 2 keygen crack hack.png
[2012-07-20 21:07:13 | 001,878,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-20 21:07:13 | 000,813,974 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-07-20 21:07:13 | 000,727,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-20 21:07:13 | 000,185,624 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-07-20 21:07:13 | 000,150,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-20 20:03:26 | 000,049,131 | ---- | M] () -- C:\Users\Beata\Documents\DOTA_2_3rd_February_2012.jpg
[2012-07-20 20:03:01 | 000,098,348 | ---- | M] () -- C:\Users\Beata\Documents\Dota-2-Beta-Key-Generator.png
[2012-07-20 19:59:32 | 000,015,806 | ---- | M] () -- C:\Users\Beata\Documents\steam key generator.jpg
[2012-07-20 19:55:48 | 000,068,909 | ---- | M] () -- C:\Users\Beata\Documents\paysafecard_logo.jpg
[2012-07-20 19:55:33 | 000,048,549 | ---- | M] () -- C:\Users\Beata\Documents\paysafecard code generator 2012.jpg
[2012-07-20 19:53:01 | 000,072,826 | ---- | M] () -- C:\Users\Beata\Documents\hidden_chronicles-cheats.png
[2012-07-20 19:29:39 | 000,094,608 | ---- | M] () -- C:\Users\Beata\Documents\jailbreak.jpg
[2012-07-20 19:28:33 | 000,162,129 | ---- | M] () -- C:\Users\Beata\Documents\bouble safari hack.png
[2012-07-20 19:28:15 | 000,095,695 | ---- | M] () -- C:\Users\Beata\Documents\Bubble-Safari-Trainer-Download.png
[2012-07-20 19:27:03 | 000,058,618 | ---- | M] () -- C:\Users\Beata\Documents\candy.jpg
[2012-07-20 19:26:36 | 000,648,619 | ---- | M] () -- C:\Users\Beata\Documents\armies of magic hack.png
[2012-07-20 19:26:07 | 000,204,238 | ---- | M] () -- C:\Users\Beata\Documents\Armies of Magic hack.jpg
[2012-07-20 19:26:00 | 000,216,333 | ---- | M] () -- C:\Users\Beata\Documents\Candy-Crush-Saga-Trainer-download.png
[2012-07-18 17:33:48 | 034,307,341 | ---- | M] () -- C:\Users\Beata\Documents\Path of Exile BETA KEY GIVEAWAY.mp4
[2012-07-18 15:24:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBeata.job
[2012-07-14 21:38:03 | 000,355,556 | ---- | M] () -- C:\Users\Beata\Documents\zaczepki.png
[2012-07-12 11:00:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-12 11:00:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-07-12 10:54:11 | 000,002,407 | ---- | M] () -- C:\Users\Beata\Desktop\Google Chrome.lnk
[2012-07-11 11:37:46 | 003,042,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-02 22:09:48 | 001,236,992 | ---- | M] () -- C:\Users\Beata\Desktop\odstraszacz.komarow_pcworld_downloader_11295_pc.exe
[2012-06-30 14:06:56 | 000,346,227 | ---- | M] () -- C:\Users\Beata\Documents\pas burz.png
[2012-06-27 14:48:54 | 000,005,632 | ---- | M] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-24 15:02:50 | 000,769,496 | ---- | M] (DialCom24) -- C:\Users\Beata\Documents\bankbrowser_3_6.exe
[2012-06-24 13:13:25 | 000,001,346 | ---- | M] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
[2012-06-23 22:34:05 | 000,001,545 | ---- | M] () -- C:\Users\Beata\Desktop\WormsReloaded — skrót.lnk
[2012-06-23 22:31:01 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded
[2012-06-23 11:54:42 | 388,328,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Users\Beata\AppData\Local\*.tmp files -> C:\Users\Beata\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-22 15:32:42 | 000,632,049 | ---- | C] () -- C:\Users\Beata\Documents\adwcleaner.exe
[2012-07-22 14:19:11 | 000,016,976 | ---- | C] () -- C:\Users\Beata\Documents\01_amazon-dot-com.jpg
[2012-07-22 14:12:18 | 000,393,311 | ---- | C] () -- C:\Users\Beata\Documents\itunes-free-gift-code-generator-crack-itune-codes-working-legit-download-latest-2012-hack.jpg
[2012-07-22 12:27:39 | 000,150,659 | ---- | C] () -- C:\Users\Beata\Documents\ps-cs-6-key1.png
[2012-07-21 19:00:16 | 000,090,594 | ---- | C] () -- C:\Users\Beata\Documents\ht_james_holmes_shooter_nt_120720_wg.jpg
[2012-07-21 14:13:59 | 000,589,644 | ---- | C] () -- C:\Users\Beata\Documents\poradnik.pdf
[2012-07-21 11:27:18 | 000,380,201 | ---- | C] () -- C:\Users\Beata\Documents\prototype 2 keygen crack hack.png
[2012-07-20 20:03:29 | 000,049,131 | ---- | C] () -- C:\Users\Beata\Documents\DOTA_2_3rd_February_2012.jpg
[2012-07-20 20:03:02 | 000,098,348 | ---- | C] () -- C:\Users\Beata\Documents\Dota-2-Beta-Key-Generator.png
[2012-07-20 19:59:36 | 000,015,806 | ---- | C] () -- C:\Users\Beata\Documents\steam key generator.jpg
[2012-07-20 19:55:49 | 000,068,909 | ---- | C] () -- C:\Users\Beata\Documents\paysafecard_logo.jpg
[2012-07-20 19:55:35 | 000,048,549 | ---- | C] () -- C:\Users\Beata\Documents\paysafecard code generator 2012.jpg
[2012-07-20 19:53:03 | 000,072,826 | ---- | C] () -- C:\Users\Beata\Documents\hidden_chronicles-cheats.png
[2012-07-20 19:29:41 | 000,094,608 | ---- | C] () -- C:\Users\Beata\Documents\jailbreak.jpg
[2012-07-20 19:28:39 | 000,162,129 | ---- | C] () -- C:\Users\Beata\Documents\bouble safari hack.png
[2012-07-20 19:28:17 | 000,095,695 | ---- | C] () -- C:\Users\Beata\Documents\Bubble-Safari-Trainer-Download.png
[2012-07-20 19:27:06 | 000,058,618 | ---- | C] () -- C:\Users\Beata\Documents\candy.jpg
[2012-07-20 19:26:46 | 000,648,619 | ---- | C] () -- C:\Users\Beata\Documents\armies of magic hack.png
[2012-07-20 19:26:08 | 000,204,238 | ---- | C] () -- C:\Users\Beata\Documents\Armies of Magic hack.jpg
[2012-07-20 19:26:03 | 000,216,333 | ---- | C] () -- C:\Users\Beata\Documents\Candy-Crush-Saga-Trainer-download.png
[2012-07-18 17:32:56 | 034,307,341 | ---- | C] () -- C:\Users\Beata\Documents\Path of Exile BETA KEY GIVEAWAY.mp4
[2012-07-15 12:17:43 | 000,206,848 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012-07-14 21:34:53 | 000,355,556 | ---- | C] () -- C:\Users\Beata\Documents\zaczepki.png
[2012-07-02 22:09:54 | 001,236,992 | ---- | C] () -- C:\Users\Beata\Desktop\odstraszacz.komarow_pcworld_downloader_11295_pc.exe
[2012-06-30 14:06:56 | 000,346,227 | ---- | C] () -- C:\Users\Beata\Documents\pas burz.png
[2012-06-24 13:13:25 | 000,001,346 | ---- | C] () -- C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
[2012-06-23 22:34:05 | 000,001,545 | ---- | C] () -- C:\Users\Beata\Desktop\WormsReloaded — skrót.lnk
[2012-06-23 22:31:01 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded
[2012-06-23 22:31:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded
[2012-06-01 10:19:32 | 000,207,427 | ---- | C] () -- C:\Users\Beata\AppData\Local\debuggee.mdmp
[2012-05-14 22:52:32 | 000,000,872 | ---- | C] () -- C:\Users\Beata\AppData\Local\recently-used.xbel
[2012-04-17 09:23:37 | 000,000,136 | ---- | C] () -- C:\ProgramData\{0B53357A-EB45-7BE6-A4CE-C75F-D36F0977}.ini
[2012-01-28 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{52FDD5F0-778E-4542-A7C0-9BCF44FD5168}
[2011-11-14 22:44:08 | 000,007,597 | ---- | C] () -- C:\Users\Beata\AppData\Local\Resmon.ResmonCfg
[2011-09-08 16:19:42 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{85456CFC-4549-453F-91E5-66349CCFD149}
[2011-09-08 13:49:53 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{2AE2B49C-14AF-4609-83A6-BF0B3BA85614}
[2011-08-16 00:34:49 | 000,000,546 | ---- | C] () -- C:\Windows\eReg.dat
[2011-07-18 16:45:33 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011-07-18 16:10:21 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini
[2011-07-11 18:43:27 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{E526C5A8-900A-4A7E-BD64-A0A087DAA4D5}
[2011-07-03 21:35:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-07-03 21:35:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-07-03 21:35:23 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011-07-03 21:35:23 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-07-03 21:35:23 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-07-03 21:35:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-07-03 21:35:22 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-06-29 23:47:11 | 000,000,000 | ---- | C] () -- C:\Users\Beata\AppData\Local\{A38E3861-2465-4CC5-BC3F-F6C5EDF80FD2}
[2011-03-06 17:48:31 | 000,000,093 | ---- | C] () -- C:\Users\Beata\AppData\Local\fusioncache.dat
[2011-03-06 17:44:59 | 001,667,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-02-04 20:33:36 | 000,005,632 | ---- | C] () -- C:\Users\Beata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-05 21:13:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-09-28 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Canon
[2011-08-15 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\DAEMON Tools Lite
[2012-01-29 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Dev-Cpp
[2011-08-28 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ESET
[2012-07-19 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Gadu-Gadu 10
[2012-01-29 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\GetRightToGo
[2011-08-11 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\GHISLER
[2012-07-06 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ipla
[2010-12-06 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Leadertech
[2012-05-20 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\muzo
[2011-03-06 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Nokia
[2011-01-14 19:00:12 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\OpenFM
[2011-04-13 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Opera
[2011-11-19 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\OxyForensic
[2011-03-06 18:07:18 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\PC Suite
[2011-08-23 10:15:45 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\PhotoScape
[2012-01-26 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Rovio
[2011-11-27 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\SumatraPDF
[2012-02-18 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\TeamViewer
[2010-12-11 23:56:05 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\Tific
[2010-12-09 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\WildTangent
[2012-06-11 15:20:11 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\ZalmanInstaller_otshot
[2011-06-06 07:38:59 | 000,000,000 | ---D | M] -- C:\Users\Beata\AppData\Roaming\_MDLogs
[2012-07-17 10:23:41 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 872 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded: Game of the Year Edition.lnk
@Alternate Data Stream - 860 bytes -> C:\Users\Public\Desktop\Worms Reloaded: Game of the Year Edition.lnk

< End of report >


Kod: Zaznacz wszystko
OTL Extras logfile created on: 2012-07-22 15:37:22 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Beata\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,80 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 51,55% Memory free
7,60 Gb Paging File | 5,36 Gb Available in Paging File | 70,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,25 Gb Total Space | 269,41 Gb Free Space | 59,57% Space Free | Partition Type: NTFS
Drive D: | 13,22 Gb Total Space | 1,89 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 89,33 Mb Free Space | 90,21% Space Free | Partition Type: FAT32

Computer Name: BEATA-KOMPUTER | User Name: Beata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C683AF-A224-4B54-90D0-414B7A9B7BAC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{091D44F5-7BBE-49DF-ABCC-7C90BC603F3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09398B8A-7550-4F6B-8979-7BA7599C3D1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C0B1658-DA24-45F6-8131-06DB921BD4C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1493A647-90CC-4138-BF3F-0BE09F1DB61E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17CAFD77-AC0D-4A0C-9E4A-5E536112CFFA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C4952A1-EDA2-45C7-BEC8-C9265AE11FA0}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{1EB05AEB-207C-472D-82C7-693C1778445A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{24481547-8744-4FA8-9BD4-023789196726}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{28252E06-A9C6-499D-8A5E-A2EF8BABB157}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A500D34-0B51-4B6C-AA4F-3E3E606B6DB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BC30C9E-B394-4F6D-94EC-59EB553FDF9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C2898D9-F465-44AA-9485-6EA8A7A87E10}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D4F73AF-C498-480A-B3F6-DA204C7BF335}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3728677B-0E36-40DB-8BF4-2852B3D7E28B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B15E05C-D2E2-4F05-B430-8B2F50A8A292}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47E640CB-C4CB-47F0-992D-DE3F215232FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{48F75F8D-5B67-47A0-BA5A-DDFF214EA75B}" = lport=139 | protocol=6 | dir=in | app=system |
"{500E9C4F-78B1-4BB2-A40D-E29DBF48409E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{50ECBFA3-EB54-408A-B57F-FF935C9F6DD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{605B5164-E224-4287-A82E-D6EB0B8FAEEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63C1F541-5948-46B3-AC80-88A2D62E95F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6747DF28-D46B-43F6-AC55-47DB9B1BD168}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B1F0037-B059-4050-8AF4-DAAE63290F52}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B0A113E-8966-4966-876E-977E164280F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{81CE2C15-88CE-43AC-9850-DEE04C7CBFBD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85008CDE-8CA1-405B-8E1B-AE24CA2AD94D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95C1EED7-E3FB-4776-86C5-D448745DF355}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D183518-B758-45E4-A130-C4D1264B31F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3A50202-A8CE-4A06-9AC1-E72D1B321A2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9DA43B6-30AA-4E44-8A89-BAD74D5B8A6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAB44A8D-5F21-40BA-A0B0-31229E1FCBFF}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7D09FA2-47C6-4E96-9A20-D94D668D0669}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA6B177E-3AE3-4533-BE88-B03452258F69}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F517CA79-385C-4275-A114-4EEA281DFAED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA01BFCE-96F1-4D41-960E-FB2DECD68C22}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09512FFD-FE53-4401-843A-65F84C7D9DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0F001507-3324-452C-B1A1-207F8C02BC53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19613443-D1D1-40B1-8232-15CE77854807}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1B831218-925D-4848-AEDC-8D2E9FB34E8B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24D4A7E9-66B9-48E3-8F45-65619C05859E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DD94C86-FD38-41B6-9396-A44D6BC9D171}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{327D7C0E-7C25-4AA7-B987-5BF39413AF45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3DC016D2-4F4B-4AF9-A3CB-6BBC678EF32A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3EC57988-BBCD-4F97-9490-6235F4F302EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{406F2F4B-AEC8-400A-8981-8379AC3BDDD7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48FEA903-D161-421A-8961-5FC9DB2FAEB7}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{4EA09303-BCF5-4A7E-A602-B3D006AB08B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{521B2526-28C9-49D2-B37F-E8BFAF49BAC0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5BE51ECC-22FB-4365-ADDD-FCD4D8E5FED4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5BECF637-A76E-466F-A62C-6F3FF9AA7547}" = protocol=6 | dir=out | app=system |
"{616FB61B-C86A-4B55-A050-259343EBC268}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F0D9922-969C-4681-8173-985014F1F551}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{7713BFF4-3AA9-4750-8B2C-768B701501AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{787BBF52-0F44-4FF9-BD40-9F77963B61A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{790CD358-2EC7-49A6-8693-BE7E9761B4FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E4FFC61-F63E-440C-8D69-CE45C53A93B3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90F5C689-61C8-4B15-8F48-F2E247D9FB46}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{95BBC559-F787-46F9-BB55-FA02D223F05F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A09DD4A5-C253-4820-8132-9FED81CAAD22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5EE264E-D532-4E88-B9F2-6D8E7B16D4A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\the settlers 7 - droga do królestwa\data\base\_dbg\bin\release\settlers7r.exe |
"{A73C9F32-A5DC-4BAE-859A-9C7DEEAB3D1D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AAFD94D2-7F16-45AB-884E-C298AE6538C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0B88DD4-35F9-4CAE-B3EE-8880A13BB93D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B73B7266-EE72-4872-A8B3-B95E6BB2025C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BDE67F64-065F-42D8-B9DA-673A8E41EEB6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D5F43DF9-060D-422D-80C5-783F6976A681}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6AF1A33-D97C-4F92-969E-68AE961F403D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E3657589-464B-472D-BD8F-E0D831E021B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E48770A2-DCFE-427A-B06E-84826AFF3BE0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{E51BFD5A-8145-4DA2-9856-CC7461516A84}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E60C234A-F10F-4AF6-BBC7-44BC84573211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECB7E5C8-7D80-469B-A66F-9D903CE346F9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F03FFD90-2794-4A83-9655-E56ABD15F886}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F10B4DC8-8FE0-442F-9C9E-95A3743FB18E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F326EA02-2429-4115-A8CB-DF4E98CAAD2B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F4842F8A-09BC-4ADE-829E-1943B80B0C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{F62B6FF1-724E-444C-990B-8D52A22D17F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\the settlers 7 - droga do królestwa\data\base\_dbg\bin\release\settlers7r.exe |
"{F90D8D0A-A5D6-460B-B2FA-E945DB7CF019}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FDCE194A-69F6-44E4-A29D-9B524DF8272F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{FF237AD5-EBEC-4773-9806-2CEBDD32394A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{03BAC711-9FCB-462B-999D-3F89661C8FAE}C:\users\beata\appdata\local\temp\cprogram files (x86)opera\opera.exe" = protocol=6 | dir=in | app=c:\users\beata\appdata\local\temp\cprogram files (x86)opera\opera.exe |
"TCP Query User{20AA75D8-564F-4232-81A3-35927D5F79E8}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{2611F985-77CD-44F8-B019-87BACC6C4217}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3421A4C6-0C4E-45BD-A832-30E1C813D05F}C:\users\beata\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\beata\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"TCP Query User{5AE6C9E1-A23C-434C-9568-CCE0A6FB3974}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{7A6CFDFA-72B7-4C3B-86FF-6FF148608D08}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{9D7F790A-16E0-41AB-9D56-F6968D931698}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AE63A9B0-3E99-4774-AC06-DC357E7881B2}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{CEB45C85-B008-4CD4-9BE2-C53D75104F2E}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{D7BBEF55-970F-42BE-AE52-3CE6494B0012}C:\users\beata\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\beata\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{FA111673-A033-437A-B732-0A0D07129546}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{0D169288-A639-40B7-850E-0B34A126293C}C:\users\beata\appdata\local\temp\cprogram files (x86)opera\opera.exe" = protocol=17 | dir=in | app=c:\users\beata\appdata\local\temp\cprogram files (x86)opera\opera.exe |
"UDP Query User{49FB6D05-D509-4372-A529-FDB4411C16C9}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{7D739C8D-E472-4D01-BC94-2F39FACA2D4F}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{7F736F09-954D-432F-8592-A7F9C5C292CC}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{860B421E-2FBA-4242-BB9E-680BA91B0A3A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{8616D9BF-E8F3-4331-AC67-DC058E3D2F7E}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{8B1C71BA-B727-4003-90C5-604F684CA65A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AFB1833E-D71B-4229-9799-9B66E5492E3C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C5641FFC-4830-4D31-94A0-50C2B65370B5}C:\users\beata\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\beata\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{DECBE0AE-7C48-4856-BEE8-3D9FA1391ED5}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{ED4BD13B-A1C8-443E-8FDF-C5DF31170B86}C:\users\beata\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\beata\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{197BCC03-3B00-4D24-92CC-2D614A11AB7C}" = ESET Smart Security
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{40EBF2AE-37EC-4299-BD1A-CD7B8F666A2B}" = HP Wireless Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55A4978B-CC3A-E5C2-5567-95B70A1D1432}" = ccc-utility64
"{5846E720-C188-478F-B501-45EA1ACC44D1}_is1" = MailShare
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = HP Deskjet 2050 J510 series Badanie ulepszeń produktu
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C9083B9D-9092-FF22-DDCC-9776E69BE816}" = ATI Catalyst Install Manager
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CanonMyPrinter" = Canon My Printer
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00FF3F93-F2CE-BFBE-347E-C49F3A1780D9}" = CCC Help Dutch
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F458B1E-459F-43CF-BC0A-3E94F97A1CD3}" = HP Software Framework
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{223B6018-B8A2-7090-7BA9-4E2002DCAB86}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3ECBC47D-7913-8D9D-8703-DC1969CB252A}" = CCC Help Danish
"{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43861B2A-0548-46B7-56E3-F2AB01311C7E}" = CCC Help Greek
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4EDCB0CC-305A-2D52-E9A5-E6CA59DFF2F7}" = CCC Help Turkish
"{4F80ACED-DE98-ECF3-0559-098936A13994}" = Catalyst Control Center Graphics Full New
"{51343725-98F7-D613-E46D-3C2198DF0162}" = Catalyst Control Center Core Implementation
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{621E909B-9AD0-8E66-336F-5B0284145719}" = CCC Help Japanese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63CE9AEA-F3F7-C1DC-EC4E-27A0DF0B9261}" = Catalyst Control Center Graphics Previews Common
"{63D08574-EC96-44F1-8973-8BA847C2BB22}" = Moorhuhn Kart XS (PL)
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B78BA3C-795D-C47D-5DD3-BEA98FF7CD6C}" = CCC Help Norwegian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F4B5D6B-6FA4-ACDE-F89C-BF437D2302AF}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E108BF-C1B2-A945-9EFC-FFA030D20E1E}" = CCC Help Russian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8354E8D3-B6FF-079F-E82F-73128A84A354}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934B3B9F-8B5F-AA7F-770E-117C9B7B4DCA}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{99CFB83D-D10A-F740-2EE5-02BB86F79BBB}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9B90C530-7A5F-7997-6275-A66AB973148B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC22E56-5466-8E1E-4533-81E0AC51120B}" = CCC Help Spanish
"{AB4CE98A-220A-1F05-A513-6CA5C9F34A8A}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.6 - Polish
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C2483D27-D725-95FD-6EBF-8AAE23A8342C}" = CCC Help Portuguese
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C388F68C-5AA9-ECE2-6FD7-73EB09FD5130}" = CCC Help Korean
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C829AA7D-3113-0942-06D1-1A2CFA850920}" = CCC Help French
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC639DE4-356A-B032-BE59-52ED46879591}" = CCC Help Thai
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D3058349-D2ED-4A3B-651B-9882B3BD7F8D}" = Catalyst Control Center Localization All
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3E9CA09-20E8-F218-15F3-3E1CA0EEFB4D}" = PX Profile Update
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{D895ACBB-697F-1C12-6E3F-3A6229D19857}" = CCC Help German
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D9ABACA0-5C8B-6D8E-6881-65EF2F13B987}" = CCC Help Polish
"{DE22695F-CB6A-B64F-8477-275C1FCF3001}" = Catalyst Control Center Graphics Full Existing
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AD9B8-1A7C-87E9-2ABE-8F852A89A369}" = CCC Help English
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EAA941D9-93E7-2C0B-0754-0806755CD5F3}" = ccc-core-static
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EF0970F3-19FE-CDA9-837B-C9EA53D5DBED}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}" = HP User Guides 0211
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F580D6C2-140E-143A-1013-3C3A4FCCB3A1}" = CCC Help Chinese Traditional
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9842DD1-81B6-AF2C-72C2-F28B56A5B6DF}" = CCC Help Swedish
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FC18AB8F-9BA3-423B-91F2-622990F57978}" = Nero 11
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"572447c5" = Contextual Tool Sleekseek
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Anemone" = Anemone
"Bubble Bobble Nostalgie_is1" = Bubble Bobble Nostalgie
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EasyBits Magic Desktop" = Magic Desktop
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadu-Gadu 10" = Gadu-Gadu 10
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"ipla" = ipla 2.3.5
"Jazz Jackrabbit 2 Secret Files" = Jazz Jackrabbit 2 Secret Files
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Mario Forever" = Mario Forever 4.0
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mobile Navigator_is1" = Mobile Navigator v3.0B
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"muzo" = muzo 0.1
"My HP Game Console" = HP Game Console
"Opera 11.64.1403" = Opera 11.64
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"The Sims" = The Sims
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VMidi" = vanBasco's Karaoke Player
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Worms Reloaded: Game of the Year Edition (c) Tea~DA4FE166_is1" = Worms Reloaded: Game of the Year Edition (c) Team17 Software Ltd. version 1
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082439" = Bus Driver
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082463" = Zuma's Revenge
"WT083484" = Escape Rosecliff Island
"WT083492" = Agatha Christie - Death on the Nile
"ZTE Remote NDIS_is1" = ZTE Remote NDIS Device

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3756977198-2539240120-1013761767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BankBrowser" = BankBrowser
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-22 05:24:34 | Computer Name = Beata-Komputer | Source = Application Hang | ID = 1002
Description = Program OTL.exe w wersji 3.2.54.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji.    Identyfikator procesu: 13e8    Godzina rozpoczęcia: 01cd67eaf6d127ba    Godzina zakończenia:
6    Ścieżka aplikacji: C:\Users\Beata\Documents\OTL.exe    Identyfikator raportu: 062ab00a-d3df-11e1-9d59-90fba6aa3b8b


Error - 2012-07-22 08:42:42 | Computer Name = Beata-Komputer | Source = Application Hang | ID = 1002
Description = Program wmplayer.exe w wersji 12.0.7601.17514 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji.    Identyfikator procesu: 1068    Godzina rozpoczęcia: 01cd67e708d22a11    Godzina
zakończenia: 10    Ścieżka aplikacji: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Identyfikator
raportu: b5ec16d7-d3fa-11e1-9d59-90fba6aa3b8b 

Error - 2012-07-22 08:43:04 | Computer Name = Beata-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: wmpnetwk.exe, wersja: 12.0.7601.17514,
sygnatura czasowa: 0x4ce7ae7f  Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja:
6.1.7601.17651, sygnatura czasowa: 0x4e21213c  Kod wyjątku: 0x0000046b  Przesunięcie
błędu: 0x000000000000cacd  Identyfikator procesu powodującego błąd: 0xe80  Godzina
uruchomienia aplikacji powodującej błąd: 0x01cd67e6b54638e5  Ścieżka aplikacji powodującej
błąd: C:\Program Files\Windows Media Player\wmpnetwk.exe  Ścieżka modułu powodującego
błąd: C:\Windows\system32\KERNELBASE.dll  Identyfikator raportu: c73af19f-d3fa-11e1-9d59-90fba6aa3b8b

Error - 2012-07-22 08:57:04 | Computer Name = Beata-Komputer | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-07-22 09:11:34 | Computer Name = Beata-Komputer | Source = VSS | ID = 8194
Description =

Error - 2012-07-22 09:12:33 | Computer Name = Beata-Komputer | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-07-22 09:13:11 | Computer Name = Beata-Komputer | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-07-22 09:17:12 | Computer Name = Beata-Komputer | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2012-07-22 09:23:45 | Computer Name = Beata-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5bc3c1  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
6.1.7601.17725, sygnatura czasowa: 0x4ec4aa8e  Kod wyjątku: 0xc0000005  Przesunięcie
błędu: 0x0000000000020a4a  Identyfikator procesu powodującego błąd: 0x3bc  Godzina
uruchomienia aplikacji powodującej błąd: 0x01cd68094f510411  Ścieżka aplikacji powodującej
błąd: C:\Windows\system32\svchost.exe  Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator
raportu: 76455910-d400-11e1-acff-90fba6aa3b8b

Error - 2012-07-22 09:34:56 | Computer Name = Beata-Komputer | Source = SideBySide | ID = 16842787
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe". Błąd w pliku manifestu lub w pliku zasad "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" w wierszu 8.  Tożsamość składnika
znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.  Odwołanie to
WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definicja to
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Użyj narzędzia
sxstrace.exe, aby uzyskać szczegółową diagnozę.

[ Hewlett-Packard Events ]
Error - 2011-05-11 09:16:37 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051111031634.xml
File not created by asset agent

Error - 2011-08-29 04:52:25 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = pl-PL Odwołanie do obiektu nie zostało ustawione na wystąpienie obiektu.
HP.ActiveSupportLibrary

   w HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 2011-08-31 12:05:49 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = pl-PL Odwołanie do obiektu nie zostało ustawione na wystąpienie obiektu.
HP.ActiveSupportLibrary

   w HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 2011-09-07 09:41:46 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091107034138.xml
File not created by asset agent

Error - 2011-09-14 09:02:34 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091114030226.xml
File not created by asset agent

Error - 2011-09-21 09:54:41 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091121035433.xml
File not created by asset agent

Error - 2011-11-09 10:30:25 | Computer Name = Beata-Komputer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111109033017.xml
File not created by asset agent

[ HP Software Framework Events ]
Error - 2012-06-06 10:00:03 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-06 16:00:03.102|00000ECC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-06-06 10:01:54 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-06 16:01:54.737|000007E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-06-13 09:45:04 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-13 15:45:04.511|000008F4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-06-20 08:27:45 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-20 14:27:45.906|00001560|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-06-20 08:29:41 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-20 14:29:41.252|000003AC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-06-27 08:12:04 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-06-27 14:12:03.636|000018D4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-07-04 08:42:29 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-07-04 14:42:29.285|0000087C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-07-11 08:08:02 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-07-11 14:08:02.004|00000AE8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-07-11 08:09:47 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-07-11 14:09:47.509|00000CF8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 2012-07-18 08:37:27 | Computer Name = Beata-Komputer | Source = CaslWmi | ID = 5
Description = 2012-07-18 14:37:26.963|00001868|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 2012-07-21 13:05:30 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode)     w System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   w HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 2012-07-21 13:42:53 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode)     w System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   w HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 2012-07-21 13:42:53 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported     w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode)     w System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   w HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 2012-07-21 15:33:47 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-21 17:21:52 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-22 03:50:56 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-22 04:50:35 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-22 08:58:52 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-22 09:30:54 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2012-07-22 09:36:59 | Computer Name = Beata-Komputer | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ Media Center Events ]
Error - 2011-01-25 11:11:12 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 16:11:12 - Błąd podczas nawiązywania połączenia z Internetem.  16:11:12
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-26 12:25:04 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 17:25:04 - Błąd podczas nawiązywania połączenia z Internetem.  17:25:04
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-27 06:39:59 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 11:39:59 - Błąd podczas nawiązywania połączenia z Internetem.  11:39:59
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-28 06:52:43 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 11:52:43 - Błąd podczas nawiązywania połączenia z Internetem.  11:52:43
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-29 04:40:04 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 09:40:04 - Błąd podczas nawiązywania połączenia z Internetem.  09:40:04
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-30 05:02:34 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 10:02:34 - Błąd podczas nawiązywania połączenia z Internetem.  10:02:34
-     Nie można skontaktować się z serwerem.. 

Error - 2011-01-31 06:06:16 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 11:06:15 - Błąd podczas nawiązywania połączenia z Internetem.  11:06:16
-     Nie można skontaktować się z serwerem.. 

Error - 2011-02-01 06:38:02 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 11:38:02 - Błąd podczas nawiązywania połączenia z Internetem.  11:38:02
-     Nie można skontaktować się z serwerem.. 

Error - 2011-02-02 05:36:30 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 10:36:30 - Błąd podczas nawiązywania połączenia z Internetem.  10:36:30
-     Nie można skontaktować się z serwerem.. 

Error - 2011-02-03 07:40:45 | Computer Name = Beata-Komputer | Source = MCUpdate | ID = 0
Description = 12:40:45 - Błąd podczas nawiązywania połączenia z Internetem.  12:40:45
-     Nie można skontaktować się z serwerem.. 

[ OSession Events ]
Error - 2012-03-28 10:11:25 | Computer Name = Beata-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1181
seconds with 960 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2012-07-22 08:57:30 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą Usługa buforowania czcionek platformy Windows Presentation Foundation,
wersja 3.0.0.0.

Error - 2012-07-22 08:57:30 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows
Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu:   %%1053

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa System zdarzeń COM+ niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Host dostawcy odnajdowania funkcji niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa listy sieci niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 100 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa interfejsu magazynu sieciowego niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca
czynność korekcyjna: Uruchom usługę ponownie.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa Protokół SSTP niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność
korekcyjna: Uruchom usługę ponownie.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Host usługi diagnostyki niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2012-07-22 09:23:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP niespodziewanie
zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta
następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2012-07-22 09:25:48 | Computer Name = Beata-Komputer | Source = Service Control Manager | ID = 7032
Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom
usługę ponownie) po nieoczekiwanym zakończeniu usługi Usługa interfejsu magazynu
sieciowego, ale ta akcja nie powiodła się przy następującym błędzie:   %%1056.


< End of report >
arehiba
~user
 
Posty: 45
Dołączenie: 22 Lip 2012, 11:15



Jak usunąć ad.yieldmanager.com ?

Postprzez wojtas 25 Lip 2012, 19:20

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu


Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 9
>>> Java™ 6
>>> Mozilla Firefox
>>> Adobe Flash Player

napisz jak sytuacja z komputerem :)
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 8 gości