OTL Extras logfile created on: 2012-07-15 15:40:09 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\tjtgjgjgj.7-Komputer\Downloads 64bit- Ultimate Edition Service Pack 2 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,92 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 77,86% Memory free 11,76 Gb Paging File | 10,90 Gb Available in Paging File | 92,77% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 26,53 Gb Free Space | 27,20% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 272,86 Gb Free Space | 69,85% Space Free | Partition Type: NTFS Drive E: | 443,23 Gb Total Space | 438,23 Gb Free Space | 98,87% Space Free | Partition Type: NTFS Computer Name: 7-KOMPUTER | User Name: tjtgjgjgj | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2579310384-3243712190-1797467736-1008\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12A24F55-7F96-4D72-98FF-C9F0453BBB74}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{353FCB85-DA83-484E-BF3A-03DEABD5DA71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52747C49-1576-44E1-A322-191A29B9185D}" = lport=10243 | protocol=6 | dir=in | app=system | "{52F066FA-69AB-4A81-9711-DA47C4033157}" = rport=10243 | protocol=6 | dir=out | app=system | "{6E3A1FA4-FBD4-4504-85F5-E1D2A4404C1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E3F5FD1-8572-448D-8FD4-95D2936AA954}" = lport=2869 | protocol=6 | dir=in | app=system | "{7ED8BDA7-966A-4999-B6DF-FEBF7613D352}" = lport=32768 | protocol=17 | dir=in | name=dfxx | "{821ABBEA-6E91-4899-9535-0FB4381FD3B8}" = lport=137 | protocol=17 | dir=in | app=system | "{97E14EC5-56DA-45BD-A9A3-89750BAE9CE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2E7DD28-C3D9-4750-9689-DA1E1E45E237}" = rport=139 | protocol=6 | dir=out | app=system | "{A37E9E54-142F-467D-903F-AE8C812E01EC}" = rport=445 | protocol=6 | dir=out | app=system | "{B3AFA7C3-A161-4B14-B0F0-E55EBB99141F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C234591A-A7B7-416E-9371-BDEA849D7E63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C4DED91D-D94D-48C6-BC9C-87107FA9B10B}" = rport=138 | protocol=17 | dir=out | app=system | "{CAA7B869-2436-4525-9E0D-6848D237965B}" = rport=137 | protocol=17 | dir=out | app=system | "{CEBA0548-E174-4E70-A213-398BC78BF3FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{D8E31563-F717-485E-B24F-3759A4C75CFA}" = lport=138 | protocol=17 | dir=in | app=system | "{DA6FF9A3-6AF5-4F32-9E9F-FB48D18C7A90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E410B9B2-52B4-4669-BC7A-B6B307853683}" = lport=445 | protocol=6 | dir=in | app=system | "{F09D6E0D-C519-4FCA-AC55-3133941014F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA0B8C10-D88E-464C-BA03-6284EC23E0DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FC25392E-B0C7-4C59-B473-90B99A0576BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC93C028-81C3-4ACE-8799-FAC746B833B7}" = lport=139 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018847E8-BB9B-4472-91F6-A6BBD43CCCC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{025F9C77-88F9-437B-A951-FFBA0DB1C0D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{09D1D9A6-5EA0-4F54-A92D-D0E0290745A0}" = protocol=17 | dir=in | app=c:\users\7\downloads\sweetimsetup.exe | "{0ACFC401-1ECE-4DC4-849E-07A4C2498D72}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{158EC5C6-D88D-44F1-8DEF-AB716ED1E85E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{28C6F56D-311E-426E-9699-FE1A919E72E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{330A4C0A-87E1-455D-AB2D-821D63A34FD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{35EA4FA7-CA0B-426E-97B9-43B55289670E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{42E93177-EED0-4F3C-A11F-F0D4C25B1F76}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{454F7030-7574-49D1-8BA7-767833997A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{4658A429-A07C-406C-8608-CAFA8228C1C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{497EE503-A16E-4D79-A829-F472B772A503}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4BAE5C04-9AC7-43BA-829B-C6F7A9A4899F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4EF872C3-4633-4A8B-BE97-362D15FF1CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{542381BE-0DDE-49B4-95C5-5FFC9CEA35F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{54F03E5D-B59A-420D-AB3C-86A7FE1E7BDB}" = protocol=6 | dir=out | app=system | "{5984558D-BAEA-418E-88FE-C05EFBBE5F1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5D823BD3-75B8-475B-94F7-43DD2607B8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{665F3C77-BDC4-4712-9426-C7AD0DFDB185}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B94E531-9A00-468C-A0DA-CBE59963AC1A}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{6C8ABC7A-D86E-4952-B971-700B6E9CFC3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{77C6C679-51B2-4410-AC33-1CD7263C0E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\agricultural simulator historical farming 2012\iupdate.dll | "{7968C50A-B295-48F1-BBDF-05B397BD4DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\agricultural simulator historical farming 2012\iupdate.dll | "{817DB854-C0CB-4505-A39E-D6FA9AD02348}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83AB72EB-02C6-4ED1-87A6-17453741809D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87065697-7553-45DE-B660-7438DC4EFEF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{874522EA-1478-4D7B-BC64-5F053A151E93}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8F919907-EB9C-4BFC-8B24-751B6A98836A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{91601DCC-E0E4-4571-800C-CA862D04F1AF}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{9474966B-1A99-4D99-B8DA-66128DB7F8E0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{97DF0686-51AC-414A-930C-064946AD0DDE}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{9C011235-B855-47E0-835E-273A96A74CE1}" = protocol=6 | dir=in | app=c:\users\7\downloads\sweetimsetup.exe | "{9FD7F0B5-BDB2-462E-AFAA-3CADE5EF567E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A56D6460-50F7-405A-8501-713A4C524BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\agricultural simulator historical farming 2012\agrarhistory2012.dll | "{A75FC1BC-1DBD-4B16-8700-B6B03FD26B3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A948D088-585A-4FC1-992C-7643FEF8E338}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{AA3DA74E-9122-4573-A987-094559FFF928}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B0A1D12A-8973-4436-AA81-04A1F2C4D2FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B572FA65-1DAA-4866-B43E-EE8BDFAE9316}" = protocol=6 | dir=in | app=c:\program files (x86)\novalogic\delta force xtreme\update.exe | "{B99BA662-B46D-48AD-83E8-FF54259370E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C234F24D-0732-424D-9293-68169730E914}" = protocol=17 | dir=in | app=c:\program files (x86)\agricultural simulator historical farming 2012\agrarhistory2012.dll | "{C7F6A140-1394-4C4E-8038-B609C21EF680}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CC80F22F-1938-4FEA-9D16-5B916706F972}" = protocol=17 | dir=in | app=c:\program files (x86)\novalogic\delta force xtreme\dfx.exe | "{D00FBAC9-C18B-4300-B594-17F6BD9A06CE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E1E3A314-48F3-44A2-8602-0A7DC9734AB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E44C6B18-8AA9-477E-9D62-5C14D1895129}" = protocol=6 | dir=in | app=c:\program files (x86)\novalogic\delta force xtreme\dfx.exe | "{E464B069-111A-4D5F-8990-3655D6032E5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E78493F3-7F89-4F46-ADD3-706980098264}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F32A639F-F3A4-4342-AB84-49B9ED2F447B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FEE2A1FD-7A62-4284-A4BF-1E946AC43D50}" = protocol=17 | dir=in | app=c:\program files (x86)\novalogic\delta force xtreme\update.exe | "{FEF488C8-3729-4E71-B3AD-5E23C7C95AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{FF9099B1-AC01-47DE-9676-30B3C955E87F}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "TCP Query User{0535A2DE-C9F7-4E21-8243-E2E70DD7D085}C:\program files (x86)\city interactive\overspeed\dedicated server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\overspeed\dedicated server.exe | "TCP Query User{08BE332F-DC14-4E7D-9B52-22A9CF807E52}C:\program files (x86)\city interactive\overspeed\overspeed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\overspeed\overspeed.exe | "TCP Query User{1F21B837-3C7D-45A0-9175-C2362B4C5235}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{4CB7FF8D-4783-4539-B5DC-5C2CBA8E5AFD}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "TCP Query User{4CE95FCD-24FB-44AD-9EF7-5288FAC3BC89}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe | "TCP Query User{50DAEA56-C39B-4C84-9A12-7FF973B882AD}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{529E6FFE-4946-4493-B666-CCA3E3A2EB0B}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | "TCP Query User{71BE733A-4ADF-4966-82D9-081C63FCD876}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{9BDDC405-EB07-4892-97EF-ABFB2D08CB35}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{A58C2FA2-4756-4824-A828-A3217F485B5E}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{AB4645A2-AC7F-4813-994B-D8C7EF193028}C:\program files (x86)\novalogic\delta force black hawk down\dfbhd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novalogic\delta force black hawk down\dfbhd.exe | "TCP Query User{BA6D069F-5F9E-4738-BBD2-158FB886D4BC}C:\users\7\appdata\roaming\urobeg\suar.exe" = protocol=6 | dir=in | app=c:\users\7\appdata\roaming\urobeg\suar.exe | "TCP Query User{BED21F19-04E7-482E-8DD6-51B2961FE6B5}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{D44438E4-F1C4-4624-A56C-243E0296B474}C:\users\7\downloads\winbox.exe" = protocol=6 | dir=in | app=c:\users\7\downloads\winbox.exe | "TCP Query User{E61EFE57-9993-4C34-AC88-9836849FB1CC}C:\users\serwerowe\appdata\roaming\zuaty\iwyxb.exe" = protocol=6 | dir=in | app=c:\users\serwerowe\appdata\roaming\zuaty\iwyxb.exe | "TCP Query User{F51A0974-C9FB-4F68-A2FF-9EA4E884F032}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "TCP Query User{F79A0612-29A9-4683-9DF0-7B634D0DB8D3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{0C009B1C-F447-4517-92AD-DEC7FDFE67CE}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{1229BA29-AE10-4C40-9670-81C3878EF777}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe | "UDP Query User{154DCDF4-0001-4D96-A5B2-6CF6AEE64F99}C:\users\serwerowe\appdata\roaming\zuaty\iwyxb.exe" = protocol=17 | dir=in | app=c:\users\serwerowe\appdata\roaming\zuaty\iwyxb.exe | "UDP Query User{18A55784-8FE5-42AD-8982-65736CA66858}C:\program files (x86)\city interactive\overspeed\dedicated server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\overspeed\dedicated server.exe | "UDP Query User{1D16B79B-6F27-46FE-A0DF-6EB6BD57E22E}C:\program files (x86)\city interactive\overspeed\overspeed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\overspeed\overspeed.exe | "UDP Query User{23FB3F01-E285-4C0C-A8E8-1DF2444BCDD8}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{556CEBEE-13F6-4DFD-AD95-7C44047A278F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{65157FBD-22C9-4792-B483-2D19463B2773}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{756E54F1-294E-466C-94FB-0EF0BD1B4D65}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{7C0F69F5-D811-4E65-B28C-B782B9546B97}C:\users\7\appdata\roaming\urobeg\suar.exe" = protocol=17 | dir=in | app=c:\users\7\appdata\roaming\urobeg\suar.exe | "UDP Query User{996CAF8E-4C4F-4795-9A78-E1B255A9699F}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{A81EC244-081A-4BCC-AE99-B949BD99007D}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "UDP Query User{AFB847DF-7B73-42AD-917D-596B64C3574E}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "UDP Query User{C200B781-4E62-4865-82AF-FAC7DD08395E}C:\program files (x86)\novalogic\delta force black hawk down\dfbhd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novalogic\delta force black hawk down\dfbhd.exe | "UDP Query User{C223A182-80B3-41C8-8D35-38B3905A0280}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{C60634A4-D748-49AF-9E0B-0100D05A6D07}C:\users\7\downloads\winbox.exe" = protocol=17 | dir=in | app=c:\users\7\downloads\winbox.exe | "UDP Query User{D4A0CB40-B8E1-4955-B0C2-878C0B263BEF}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{1E38D402-2678-4668-9812-45CD06658846}" = LibreOffice 3.4 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6890095D-D7FE-465A-9B1D-BE605B1F5FD9_CDP}_is1" = Gothic 3 Zmierzch Bogów Edycja Rozszerzona "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{E8A98F96-E98E-460A-B959-F454EC3CE6D8}" = Delta Force: Xtreme "{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™ "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FC900219-2DB9-4274-B2CF-F9ABA057C7BC}_is1" = Modern Warfare 2 Spolszczenie by O22y "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agricultural Simulator Historical Farming 2012" = Agricultural Simulator Historical Farming 2012 "Ahead.Nero_is1" = Ahead.Nero v9.4.13.2 "ArcaniA" = ArcaniA - Gothic 4 "ASIO4ALL" = ASIO4ALL "Crack do Gothic 3" = Crack do Gothic 3 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Delta Force - Black Hawk Down" = Delta Force - Black Hawk Down "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FL Studio 10" = FL Studio 10 "Fraps" = Fraps (remove only) "Gadu-Gadu 10" = Gadu-Gadu 10 "IL Download Manager" = IL Download Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0 "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "McFunSoft Video Solution_is1" = McFunSoft Video Solution Trial Version (English) 8.0.5.18 "Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTA:SA 1.1" = MTA:SA v1.1.1 "MySSID_is1" = EXPERTool 7.20 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.00.1467" = Opera 12.00 "Overspeed/PL-Polish_is1" = Overspeed "PunkBusterSvc" = PunkBuster Services "Totalcmd" = Total Commander (Remove or Repair) "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = Archiwizator WinRAR "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO Toolbar [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-15 03:56:10 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error - 2012-07-15 04:05:26 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 04:05:26 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 04:05:26 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error - 2012-07-15 04:11:36 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 04:11:37 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 04:11:37 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error - 2012-07-15 09:21:56 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 09:21:56 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2012-07-15 09:21:56 | Computer Name = 7-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. [ System Events ] Error - 2012-07-15 09:17:36 | Computer Name = 7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error - 2012-07-15 09:17:36 | Computer Name = 7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error - 2012-07-15 09:17:36 | Computer Name = 7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Norton AntiVirus z powodu następującego błędu: %%2 Error - 2012-07-15 09:17:36 | Computer Name = 7-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: BHDrvx64 IDSVia64 SymIRON Error - 2012-07-15 09:38:19 | Computer Name = 7-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AppleCharger BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6 Error - 2012-07-15 09:38:24 | Computer Name = 7-Komputer | Source = DCOM | ID = 10005 Description = Error - 2012-07-15 09:38:30 | Computer Name = 7-Komputer | Source = DCOM | ID = 10005 Description = Error - 2012-07-15 09:38:31 | Computer Name = 7-Komputer | Source = DCOM | ID = 10005 Description = Error - 2012-07-15 09:38:31 | Computer Name = 7-Komputer | Source = DCOM | ID = 10005 Description = Error - 2012-07-15 09:38:43 | Computer Name = 7-Komputer | Source = DCOM | ID = 10005 Description = < End of report >