
Suspected keylogger 2/2

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Suspected keylogger 2/2

Post by Kapucino, 24 May 2012, 20:27

OK, now on to the second computer. There may be more fun here, because its logs have probably not been checked since Windows was installed. I'll add right at the start that this is a modified Windows XP (Windows X-Treme). Thanks in advance for the help.
Attachments
Extras.Txt
(75.72 KiB) Downloaded 75 times
OTL.Txt
(99.11 KiB) Downloaded 71 times
GMER.txt
(7.23 KiB) Downloaded 73 times
Kapucino
~user
 
Posts: 330
Joined: 21 Sep 2007, 18:29
Commendations: 12



Suspected keylogger 2/2

Post by wojtas, 28 May 2012, 16:41

Use AdwCleaner and click Delete in it (on Vista/Windows 7, run it via right-click as Administrator).
Show the report from it.

Nothing like that is visible.

Run OTL and paste the following into the custom scan options / script section:

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Services
XDva388
XDva383
XDva349
vcdrom

:Commands

[emptytemp]



Click Run script, and confirm the computer restart.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Suspected keylogger 2/2

Post by Kapucino, 01 Jun 2012, 19:01

OK, I didn't have access to this PC for a while. I did what you asked.

Log from AdwCleaner:
# AdwCleaner v1.608 - Logfile created 06/01/2012 at 18:53:27
# Updated 27/05/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# User : UserX - FILIP
# Running from : D:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [851 octets] - [01/06/2012 18:53:27]

########## EOF - C:\AdwCleaner[S1].txt - [978 octets] ##########

OTL:
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service XDva388 stopped successfully!
Service XDva388 deleted successfully!
Service XDva383 stopped successfully!
Service XDva383 deleted successfully!
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
Service vcdrom stopped successfully!
Service vcdrom deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UserX
->Temp folder emptied: 10779399 bytes
->Temporary Internet Files folder emptied: 20902370 bytes
->Java cache emptied: 3027374 bytes
->FireFox cache emptied: 77001476 bytes
->Flash cache emptied: 2994272 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 287744 bytes
Windows Temp folder emptied: 9187274 bytes
RecycleBin emptied: 181917 bytes

Total Files Cleaned = 119,00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 06012012_185707

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Kapucino
~user
 
Posts: 330
Joined: 21 Sep 2007, 18:29
Commendations: 12



Suspected keylogger 2/2

Post by wojtas, 02 Jun 2012, 09:02

Post a new log as well, just to check ;)
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Suspected keylogger 2/2

Post by Kapucino, 02 Jun 2012, 11:05

A log? Do you mean just OTL?

OTL:
OTL logfile created on: 2012-06-02 10:37:55 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = D:\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,28% Memory free
9,09 Gb Paging File | 8,71 Gb Available in Paging File | 95,85% Paging File free
Paging file location(s): C:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,10 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
Drive D: | 416,92 Gb Total Space | 169,56 Gb Free Space | 40,67% Space Free | Partition Type: NTFS

Computer Name: FILIP | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-24 18:32:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-04-29 00:18:46 | 000,161,736 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-03-31 18:32:50 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-03-30 21:59:04 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2011-03-21 16:14:38 | 001,126,400 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe
PRC - [2009-08-31 18:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 16:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-05-28 15:32:26 | 000,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009-02-24 13:23:28 | 001,599,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-12-24 16:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-09-19 20:27:44 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-24 19:37:34 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-LogRotatorService\248618727c808c5ce5f09bfbe453bad4\HD-LogRotatorService.ni.exe
MOD - [2012-05-05 13:12:34 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-03-31 18:32:49 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010-07-07 11:01:28 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
MOD - [2010-05-10 16:02:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pl_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009-08-31 16:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
MOD - [2009-08-25 14:56:22 | 011,677,696 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtWebKit4.dll
MOD - [2009-08-25 14:56:22 | 008,024,064 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtGui4.dll
MOD - [2009-08-25 14:56:22 | 002,195,456 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtCore4.dll
MOD - [2009-08-25 14:56:22 | 000,970,752 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtNetwork4.dll
MOD - [2009-08-25 14:56:18 | 000,393,216 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtXml4.dll
MOD - [2009-08-25 14:56:18 | 000,299,008 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtSvg4.dll
MOD - [2009-08-25 14:55:40 | 000,303,104 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qtiff4.dll
MOD - [2009-08-25 14:55:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qmng4.dll
MOD - [2009-08-25 14:55:40 | 000,212,992 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\gglog.dll
MOD - [2009-08-25 14:55:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qjpeg4.dll
MOD - [2009-08-25 14:55:40 | 000,118,784 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipcradioproxy.dll
MOD - [2009-08-25 14:55:40 | 000,023,552 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qgif4.dll
MOD - [2009-08-25 14:55:40 | 000,023,040 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcrypto.dll
MOD - [2009-08-25 14:55:40 | 000,018,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qsvg4.dll
MOD - [2009-08-25 14:55:40 | 000,012,800 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipc.dll
MOD - [2009-08-25 14:55:38 | 000,352,256 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcommon.dll
MOD - [2009-08-25 14:55:30 | 000,059,904 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\zlib1.dll
MOD - [2009-07-11 10:53:01 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009-07-11 10:52:56 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2008-12-24 16:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008-12-05 17:03:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004-09-19 20:27:44 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
MOD - [2004-09-19 20:27:34 | 000,069,632 | ---- | M] () -- C:\Program Files\LClock\LC.dll
MOD - [2004-09-19 20:27:30 | 000,081,920 | ---- | M] () -- C:\Program Files\LClock\Calendar.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-05 13:12:35 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-29 00:18:46 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-03-30 21:59:04 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012-03-30 21:58:24 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011-03-21 16:14:38 | 001,126,400 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-11-27 19:37:41 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-12-16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009-05-28 15:32:26 | 000,053,760 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008-12-24 16:52:08 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\UserX\Ustawienia lokalne\Temp\WJB4F8.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2023-10-28 20:29:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2012-06-02 10:36:16 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012-03-30 21:58:52 | 000,066,912 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2011-05-10 12:24:24 | 006,406,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011-03-21 16:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2011-03-21 16:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2011-03-21 16:44:24 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2009-12-19 18:22:30 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-05-28 15:32:24 | 000,108,032 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009-04-04 22:51:12 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2008-10-30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-10-17 10:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008-10-17 10:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008-08-29 01:40:40 | 000,111,104 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-05-25 20:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mythos-europe.com
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-2147116355-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: greasefire@skrul.com:1.0.4
FF - prefs.js..network.proxy.http: "217.98.20.195"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\hsxmuxq0.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-31 18:32:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-28 22:55:01 | 000,000,000 | ---D | M]

[2009-07-11 15:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Extensions
[2012-05-25 22:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\hsxmuxq0.default\extensions
[2012-05-20 01:42:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Mozilla\Firefox\Profiles\hsxmuxq0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-04-29 00:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-05-25 22:43:15 | 000,336,363 | ---- | M] () (No name found) -- C:\DOKUMENTY I USTAWIENIA\USERX\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\HSXMUXQ0.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012-04-04 19:06:57 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTY I USTAWIENIA\USERX\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\HSXMUXQ0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-05-18 19:44:11 | 005,438,448 | ---- | M] () (No name found) -- C:\DOKUMENTY I USTAWIENIA\USERX\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\HSXMUXQ0.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2012-03-31 18:32:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-03-31 18:32:48 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-03-31 18:32:48 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-03-31 18:32:48 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-03-31 18:32:48 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-03-31 18:32:48 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-03-31 18:32:48 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-08-21 12:57:48 | 000,001,052 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll (Amaze Soft)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-18..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-20..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" File not found
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-500..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-839522115-2147116355-1801674531-500..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2147116355-1801674531-500\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C1D091-2E5A-45D5-A94E-C62904D09B64}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-11 10:50:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-12 00:37:49 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-12 00:37:49 | 000,000,061 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{88657002-6e03-11de-9a16-806d6172696f}\Shell\AutoRun\command - "" = utcddeq.exe
O33 - MountPoints2\{88657002-6e03-11de-9a16-806d6172696f}\Shell\open\Command - "" = utcddeq.exe
O33 - MountPoints2\{88657007-6e03-11de-9a16-806d6172696f}\Shell\AutoRun\command - "" = utcddeq.exe
O33 - MountPoints2\{88657007-6e03-11de-9a16-806d6172696f}\Shell\open\Command - "" = utcddeq.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2023-10-28 20:29:59 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\Hamachi
[2012-06-02 00:21:01 | 000,000,000 | RH-D | C] -- C:\Dokumenty i ustawienia\UserX\Recent
[2012-05-25 14:45:02 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\NVIDIA
[2012-05-25 14:44:57 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\NVIDIA Corporation
[2012-05-25 14:44:52 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012-05-25 14:44:52 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012-05-25 14:44:52 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012-05-25 14:44:52 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012-05-25 14:44:52 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012-05-25 14:44:52 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012-05-25 14:44:52 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012-05-25 14:44:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012-05-25 14:44:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012-05-25 14:44:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012-05-25 14:44:52 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2012-05-25 14:44:52 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012-05-25 14:44:52 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012-05-25 14:44:52 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012-05-25 14:44:52 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012-05-25 14:44:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012-05-25 14:44:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012-05-25 14:44:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012-05-25 14:44:52 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012-05-25 14:44:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2012-05-25 14:44:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012-05-25 14:44:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012-05-25 14:44:52 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012-05-25 14:44:52 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012-05-25 14:44:52 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012-05-25 14:44:52 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012-05-25 14:44:52 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012-05-25 14:44:52 | 000,143,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2012-05-25 14:44:52 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012-05-25 14:44:51 | 015,504,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012-05-25 14:44:51 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2012-05-25 14:44:50 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2012-05-25 14:44:33 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-05-25 14:44:22 | 018,771,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012-05-25 14:44:22 | 006,012,928 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012-05-25 14:44:22 | 002,530,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012-05-25 14:44:22 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012-05-25 14:44:22 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012-05-25 14:44:22 | 000,883,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012-05-25 14:44:21 | 017,543,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012-05-25 14:44:21 | 004,373,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012-05-25 14:44:21 | 002,359,808 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012-05-24 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
[2012-05-24 19:34:14 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\BlueStacks
[2012-05-24 19:34:14 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\BlueStacks
[2012-05-24 19:34:14 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\BlueStacks
[2012-05-24 17:18:10 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Malwarebytes
[2012-05-24 17:18:08 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2012-05-24 17:18:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-05-24 17:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-05-24 17:18:07 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Malwarebytes
[2012-05-18 18:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012-05-18 18:59:14 | 000,000,000 | ---D | C] -- C:\Dokumenty i ustawienia\All Users\Menu Start\Programy\Diablo III

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2023-10-28 20:29:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2012-06-02 10:36:16 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012-06-02 10:36:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-02 00:12:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-01 23:18:12 | 000,223,232 | ---- | M] () -- C:\Dokumenty i ustawienia\UserX\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-01 19:01:41 | 000,023,180 | ---- | M] () -- C:\WINDOWS\System32\notepad.ini
[2012-06-01 18:51:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-25 14:47:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012-05-25 14:44:33 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-05-25 14:44:33 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-05-25 14:44:29 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-05-25 14:44:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-05-25 14:42:41 | 001,579,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-24 19:37:11 | 000,561,972 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-05-24 19:37:11 | 000,499,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-05-24 19:37:11 | 000,108,056 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-05-24 19:37:11 | 000,086,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-05-24 19:34:57 | 000,001,628 | ---- | M] () -- C:\Dokumenty i ustawienia\All Users\Pulpit\Start BlueStacks.lnk
[2012-05-18 19:47:43 | 000,000,827 | ---- | M] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\Diablo III.lnk
[2012-05-15 12:18:00 | 018,771,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012-05-15 12:18:00 | 017,543,168 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012-05-15 12:18:00 | 006,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012-05-15 12:18:00 | 004,373,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012-05-15 12:18:00 | 002,807,708 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012-05-15 12:18:00 | 002,530,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012-05-15 12:18:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012-05-15 12:18:00 | 002,359,808 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012-05-15 12:18:00 | 001,000,768 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012-05-15 12:18:00 | 000,883,008 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012-05-15 12:18:00 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012-05-15 12:18:00 | 000,010,264 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-05-15 11:43:36 | 000,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012-05-15 11:43:35 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012-05-15 11:43:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2012-05-15 11:43:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012-05-15 11:43:35 | 000,126,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012-05-15 11:43:34 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012-05-15 11:43:34 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012-05-15 11:43:34 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012-05-15 11:43:34 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2012-05-15 11:43:34 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012-05-15 11:43:34 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012-05-15 11:43:33 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012-05-15 11:43:33 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012-05-15 11:43:33 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012-05-15 11:43:33 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012-05-15 11:43:33 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012-05-15 11:43:33 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012-05-15 11:43:32 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012-05-15 11:43:31 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012-05-15 11:43:31 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012-05-15 11:43:30 | 000,262,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012-05-15 11:43:30 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012-05-15 11:43:30 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012-05-15 11:43:29 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012-05-15 11:43:29 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012-05-15 11:43:28 | 000,278,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012-05-15 11:43:28 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012-05-15 11:43:28 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012-05-15 11:40:26 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2012-05-15 11:40:02 | 015,504,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012-05-15 11:40:02 | 000,143,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2012-05-15 11:40:01 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2012-05-05 13:12:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-05-05 13:12:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-25 14:44:29 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-05-25 14:44:29 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-05-25 14:44:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-05-25 14:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012-05-25 14:44:22 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-05-25 14:44:22 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012-05-24 19:34:57 | 000,001,628 | ---- | C] () -- C:\Dokumenty i ustawienia\All Users\Pulpit\Start BlueStacks.lnk
[2012-05-18 20:03:52 | 000,000,827 | ---- | C] () -- C:\Dokumenty i ustawienia\UserX\Pulpit\Diablo III.lnk
[2012-03-10 17:11:43 | 000,001,103 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2011-11-01 12:05:25 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2011-10-29 17:42:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011-07-14 21:57:55 | 000,000,032 | R--- | C] () -- C:\WINDOWS\hash.dat
[2011-06-24 13:38:34 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll
[2011-06-24 13:38:34 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll
[2011-05-21 11:47:18 | 000,317,204 | ---- | C] () -- C:\WINDOWS\A Tale in the Desert Uninstaller.exe.bak
[2011-03-13 15:57:04 | 000,000,317 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010-12-22 20:00:27 | 000,000,565 | ---- | C] () -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\myMPQ.ini

[color=#E56717]========== LOP Check ==========[/color]

[2009-09-29 22:24:10 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\AlawarWrapper
[2012-04-20 15:13:12 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net
[2012-05-24 19:34:18 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\BlueStacks
[2011-04-24 12:15:19 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Colibri Games
[2009-11-28 13:02:35 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-12-23 18:38:38 | 000,000,000 | -HSD | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\DSS
[2011-04-16 20:33:33 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\EA Core
[2011-04-16 20:33:33 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Electronic Arts
[2010-12-19 12:59:30 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Fallout3
[2010-04-21 19:45:17 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\HipSoft
[2011-05-13 18:20:57 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\InterAction studios
[2011-12-30 21:13:05 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\IObit
[2011-03-12 18:49:20 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\ipla
[2012-04-19 15:48:36 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Locktime
[2010-01-25 13:10:55 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\OpenFM
[2009-09-30 20:08:20 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\PopCap Games
[2011-05-01 20:23:36 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\TEMP
[2011-03-19 10:11:59 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Ubisoft
[2012-05-12 21:17:58 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\.minecraft
[2010-05-02 15:42:04 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Any Video Converter
[2012-03-10 23:35:48 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\BESTplayer
[2011-07-23 10:55:20 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\BITS
[2010-06-03 20:13:37 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Cream Software
[2009-11-28 13:02:04 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\DAEMON Tools Pro
[2010-06-16 23:05:32 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\GetRightToGo
[2011-01-01 15:49:54 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\GHISLER
[2010-12-24 12:29:53 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\GlarySoft
[2009-07-12 15:00:46 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\ImgBurn
[2011-07-02 11:01:15 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\inkscape
[2012-03-31 18:48:28 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\ipla
[2009-08-18 13:34:25 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\IrfanView
[2011-05-28 21:25:40 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\iZ3D Driver
[2010-03-28 10:55:55 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Leadertech
[2011-12-23 18:38:01 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Lionhead Studios
[2010-09-15 21:00:24 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\LolClient
[2011-05-01 20:23:40 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\ManifestoGames
[2010-05-18 13:49:22 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Marine Aquarium 3
[2009-09-30 18:57:59 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Nowe Gadu-Gadu
[2011-03-19 10:09:55 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\PunkBuster
[2011-03-04 23:28:10 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\RDRM
[2011-05-20 23:32:34 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Sony Online Entertainment
[2011-10-29 15:28:27 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Spore
[2012-04-04 22:54:48 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\TeamViewer
[2009-11-15 21:01:23 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Thinstall
[2012-03-31 18:57:01 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Tibia
[2011-03-19 10:11:59 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Ubisoft
[2012-04-19 00:07:52 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\uTorrent
[2011-03-19 13:44:48 | 000,000,000 | ---D | M] -- C:\Dokumenty i ustawienia\UserX\Dane aplikacji\Wroom

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Extras:
OTL Extras logfile created on: 2012-06-02 10:37:55 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = D:\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 82,28% Memory free
9,09 Gb Paging File | 8,71 Gb Available in Paging File | 95,85% Paging File free
Paging file location(s): C:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,10 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
Drive D: | 416,92 Gb Total Space | 169,56 Gb Free Space | 40,67% Space Free | Partition Type: NTFS

Computer Name: FILIP | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- C:\Windows\notepad ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"C:\Program Files\FlashGet\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files\FlashGet\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\Gry\Blobby Volley\Blobby Volley.exe" = C:\Program Files\Gry\Blobby Volley\Blobby Volley.exe:*:Enabled:Blobby Volley -- ()
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Arieth\Monster Stacker v0.8.exe" = D:\Arieth\Monster Stacker v0.8.exe:*:Enabled:Monster Stacker v0.8
"C:\Program Files\Programy portable\uTorrent\utorrent.exe" = C:\Program Files\Programy portable\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Programy portable\TeamViewer\TeamViewer.exe" = C:\Program Files\Programy portable\TeamViewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"D:\GameSpy Arcade\Aphex.exe" = D:\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\THPS4\Game\Skate4.exe" = D:\THPS4\Game\Skate4.exe:*:Enabled:Skate4 -- ()
"D:\Tony Hawk's Underground 2\Game\THUG2.exe" = D:\Tony Hawk's Underground 2\Game\THUG2.exe:*:Enabled:THUG2
"D:\Tony Hawk's Underground 2\Game\THUG2 English.exe" = D:\Tony Hawk's Underground 2\Game\THUG2 English.exe:*:Enabled:THUG2 English
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"D:\Downloads\LF2_v2\lf2.exe" = D:\Downloads\LF2_v2\lf2.exe:*:Enabled:lf2
"D:\Downloads\LF2BN\LF2_B-N.exe" = D:\Downloads\LF2BN\LF2_B-N.exe:*:Enabled:LF2_B-N
"D:\Downloads\WWP\wwp.exe" = D:\Downloads\WWP\wwp.exe:*:Enabled:Worms World Party
"D:\Need for Speed Underground 2\speed2.exe" = D:\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2
"D:\Warcraft\Warcraft III\Warcraft III.exe" = D:\Warcraft\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"D:\Warcraft\Warcraft III\War3.exe" = D:\Warcraft\Warcraft III\War3.exe:*:Enabled:Warcraft III
"D:\Warcraft III\War3.exe" = D:\Warcraft III\War3.exe:*:Enabled:Warcraft III
"D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"D:\Downloads\Emulatory\nnnester\nnnesterJ.exe" = D:\Downloads\Emulatory\nnnester\nnnesterJ.exe:*:Enabled:nnnesterJ -- (na)
"D:\Downloads\Emulatory\ePSXe 1.6\kaillerasrv.exe" = D:\Downloads\Emulatory\ePSXe 1.6\kaillerasrv.exe:*:Enabled:kaillerasrv
"D:\Downloads\WWP\Worms World Party\1.1 PL WWP.exe" = D:\Downloads\WWP\Worms World Party\1.1 PL WWP.exe:*:Enabled:Worms World Party
"D:\NVN2\nwn2main.exe" = D:\NVN2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"D:\NVN2\nwn2main_amdxp.exe" = D:\NVN2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"D:\NVN2\nwupdate.exe" = D:\NVN2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"D:\NVN2\nwn2server.exe" = D:\NVN2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"D:\NWN2\nwn2main.exe" = D:\NWN2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"D:\NWN2\nwn2main_amdxp.exe" = D:\NWN2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"D:\NWN2\nwupdate.exe" = D:\NWN2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"D:\NWN2\nwn2server.exe" = D:\NWN2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"D:\Downloads\DsNetS5\DsNetMUStart.exe" = D:\Downloads\DsNetS5\DsNetMUStart.exe:*:Enabled:<MU Anti-Cheat System>
"D:\Downloads\zetrix\zetrix.exe" = D:\Downloads\zetrix\zetrix.exe:*:Enabled:zetrix
"D:\SecondLife\SLVoice.exe" = D:\SecondLife\SLVoice.exe:*:Enabled:SLVoice
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Grand Theft Auto IV\GTAIV.exe" = D:\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Hedgewars\bin\hedgewars-server.exe" = D:\Hedgewars\bin\hedgewars-server.exe:*:Enabled:hedgewars-server
"D:\Hedgewars\bin\hedgewars.exe" = D:\Hedgewars\bin\hedgewars.exe:*:Enabled:hedgewars
"D:\Worms Armageddon - New Edition\WA.exe" = D:\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon
"D:\Assassins Creed 2\AssasinsCreedII-Razor1911-crackGame.exe" = D:\Assassins Creed 2\AssasinsCreedII-Razor1911-crackGame.exe:*:Enabled:AssasinsCreedII-Razor1911-crackGame
"D:\Downloads\server\server.exe" = D:\Downloads\server\server.exe:*:Enabled:server
"C:\Program Files\Heroes of Newerth\hon.exe" = C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth
"D:\Assassins Creed 2\AssassinsCreedIIGame.exe" = D:\Assassins Creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II
"D:\Assassins Creed 2\AssassinsCreedII.exe" = D:\Assassins Creed 2\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update
"D:\Assassins Creed 2\UPlayBrowser.exe" = D:\Assassins Creed 2\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay
"C:\Program Files\Ubisoft\Offline Launcher\server.exe" = C:\Program Files\Ubisoft\Offline Launcher\server.exe:*:Enabled:server
"C:\Program Files\Ubisoft\ACII Offline Launcher\server.exe" = C:\Program Files\Ubisoft\ACII Offline Launcher\server.exe:*:Enabled:server
"C:\Program Files\The Misadventures Of P.B. Winterbottom\Winterbottom.exe" = C:\Program Files\The Misadventures Of P.B. Winterbottom\Winterbottom.exe:*:Enabled:Winterbottom
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
"D:\MW\iw4mp.exe" = D:\MW\iw4mp.exe:*:Enabled:iw4mp
"C:\Program Files\steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme
"C:\Program Files\gpotato\TalesRunner\trgame.exe" = C:\Program Files\gpotato\TalesRunner\trgame.exe:*:Enabled:TalesRunner
"D:\GTA EFLC\EFLC.exe" = D:\GTA EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\StarCraft II\StarCraft II.exe" = D:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit
"C:\Program Files\Electronic Arts\Darkspore\DarksporeBin\Darkspore.exe" = C:\Program Files\Electronic Arts\Darkspore\DarksporeBin\Darkspore.exe:*:Enabled:Darkspore™
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher
"D:\Assassin's Creed Brotherhood\ACBSP.exe" = D:\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood
"D:\Assassin's Creed Brotherhood\ACBMP.exe" = D:\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer
"D:\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe" = D:\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update
"D:\Assassin's Creed Brotherhood\UPlayBrowser.exe" = D:\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay
"D:\Crysis 2\bin32\Crysis2.exe" = D:\Crysis 2\bin32\Crysis2.exe:*:Disabled:Crysis2
"D:\Portal2\portal2.exe" = D:\Portal2\portal2.exe:*:Enabled:portal2
"C:\Program Files\Petroglyph\Rise of Immortals\ClientLauncherR.exe" = C:\Program Files\Petroglyph\Rise of Immortals\ClientLauncherR.exe:*:Enabled:Petroglyph Client Launcher
"C:\Program Files\Petroglyph\Rise of Immortals\AoCClientR.exe" = C:\Program Files\Petroglyph\Rise of Immortals\AoCClientR.exe:*:Enabled:Rise of Immortals
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"D:\Wiedźmin 2\bin\witcher2.exe" = D:\Wiedźmin 2\bin\witcher2.exe:*:Disabled:The Witcher 2: Assasins of Kings
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"D:\Grand Chase Chaos\main.exe" = D:\Grand Chase Chaos\main.exe:*:Enabled:GrandChase
"D:\Cultures\Cultures.exe" = D:\Cultures\Cultures.exe:*:Enabled:Cultures
"D:\Rock of Ages\Binaries\Win32\RoA.exe" = D:\Rock of Ages\Binaries\Win32\RoA.exe:*:Enabled:RoA
"D:\Neverwinter Nights\nwmain.exe" = D:\Neverwinter Nights\nwmain.exe:*:Enabled:Neverwinter Nights
"C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.649\Agent.exe" = C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.649\Agent.exe:*:Enabled:Blizzard Agent
"C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.868\Agent.exe" = C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.868\Agent.exe:*:Enabled:Blizzard Agent
"D:\Diablo III Beta\Diablo III.exe" = D:\Diablo III Beta\Diablo III.exe:*:Enabled:Diablo III Beta
"C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe" = C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2 -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.954\Agent.exe" = C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Program Files\Diablo III\Diablo III.exe" = C:\Program Files\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.976\Agent.exe" = C:\Dokumenty i ustawienia\All Users\Dane aplikacji\Battle.net\Agent\Agent.976\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1224.1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Impreza w plenerze Akcesoria
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{626B735B-3685-4FEC-B245-D7E382FE900B}_is1" = Bejeweled 3 version 1.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Nowoczesny apartament Akcesoria
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Miejskie Życie Akcesoria
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Kariera
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 SP2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Wymarzone Podróże
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 SP2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D93E94CF-2816-4D52-83DE-FE3237705EDC}" = BlueStacks (beta-1)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Pokolenia
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Szybka jazda Akcesoria
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.7.7
"ArtMoney PRO_is1" = ArtMoney PRO v7.28
"A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959)
"BadCopy Pro" = BadCopy Pro
"Botanicula_is1" = Botanicula
"Đűöŕđč Ěîđĺé" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet(JetCar)" = FlashGet(JetCar)
"Foxit PDF Editor" = Foxit PDF Editor
"Fraps" = Fraps
"GameSpy Arcade" = GameSpy Arcade
"Gmask 1.70 English" = Gmask 1.70 English
"Grand Theft Auto IV_is1" = Grand Theft Auto IV v1.0 Eng
"Hamachi" = Hamachi 1.0.1.4
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"LClock" = LClock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl)
"M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"OpenAL" = OpenAL
"Sandboxie" = Sandboxie 3.38
"Sonic Generations_is1" = Sonic Generations
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"Steam App 570" = Dota 2
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 7" = TeamViewer 7
"Tibia_is1" = Tibia
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"wmfdist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XnView Shell Extension_is1" = XnView Shell Extension 2.5.2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-839522115-2147116355-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Puzzle Pirates Test" = Puzzle Pirates Test

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-10-31 05:13:18 | Computer Name = FILIP | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2011-10-31 05:27:56 | Computer Name = FILIP | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2012-03-31 11:16:33 | Computer Name = FILIP | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2012-05-18 14:03:13 | Computer Name = FILIP | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną  zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-05-25 03:10:55 | Computer Name = FILIP | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

[ NetLimiter 3 Events ]
Error - 2012-05-24 12:27:00 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-05-25 03:10:48 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-05-25 08:42:49 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-05-25 08:46:40 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-05-26 04:12:31 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-05-27 05:01:57 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-06-01 12:51:29 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-06-01 12:54:59 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-06-01 12:58:45 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2012-06-02 04:36:16 | Computer Name = FILIP | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ OSession Events ]
Error - 2011-03-27 06:17:12 | Computer Name = FILIP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1296
seconds with 180 seconds of active time.  This session ended with a crash.

Error - 2011-05-08 11:27:41 | Computer Name = FILIP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7656
seconds with 3000 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2010-04-04 04:26:12 | Computer Name = FILIP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „”  w celu uruchomienia serwera:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2010-04-04 04:26:23 | Computer Name = FILIP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „”  w celu uruchomienia serwera:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2010-04-04 04:29:46 | Computer Name = FILIP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „”  w celu uruchomienia serwera:  {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2010-04-05 02:53:53 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-06 00:54:55 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-07 08:45:14 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-08 07:32:38 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-09 01:45:58 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-09 07:44:35 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2

Error - 2010-04-10 03:50:42 | Computer Name = FILIP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%2


< End of report >



Suspected keylogger 2/2

Post by wojtas, 03 Jun 2012, 17:50

Nothing shows up. Scan the computer with Malwarebytes and post the report (full scan).



