OTL Extras logfile created on: 2012-07-15 16:26:12 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Zbyszek\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,91 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 76,55% Memory free 15,82 Gb Paging File | 13,72 Gb Available in Paging File | 86,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 296,75 Gb Total Space | 34,80 Gb Free Space | 11,73% Space Free | Partition Type: NTFS Drive D: | 634,77 Gb Total Space | 60,89 Gb Free Space | 9,59% Space Free | Partition Type: NTFS Computer Name: Z | User Name: Zbyszek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2861877135-977594196-4211332367-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FCDDA0-1927-4AD3-92C6-727E1ACD584D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0485953D-C445-4E5F-B724-5D1763B5D0C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{098D2C8B-1E87-44C3-AEEF-3C7276841298}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0BB1C224-BFDD-4C9F-BFE1-891E46AF5228}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{13760DAB-18A3-4583-A8D1-18851EC44490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14C9EA85-52B9-4C6E-91CE-430F86E1BB35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{174D57A1-F01E-4850-9855-658457E7940B}" = lport=445 | protocol=6 | dir=in | app=system | "{2784AAF3-E64A-49AB-809F-067838BC8D49}" = lport=137 | protocol=17 | dir=in | app=system | "{2DF0BFD4-A9EB-46EE-93D4-1743DF511292}" = lport=10243 | protocol=6 | dir=in | app=system | "{3248438D-9B4B-44B3-82BB-49C509E93FE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3FA0B795-B281-4DD1-B873-46F95266EC3A}" = lport=139 | protocol=6 | dir=in | app=system | "{46752832-8DA3-4CEB-93AA-871B53FD6B8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{553FDCB9-C119-4FAA-81A6-F11F7372C0F5}" = rport=445 | protocol=6 | dir=out | app=system | "{5DB0AF5A-CB2A-48DC-B85E-07758BD0F0AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6090BF59-10CA-4FE6-A9CF-E48F00434624}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F1A49A7-422C-4F46-90F4-D697CC63F9E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{75811C5C-DE90-4556-99AD-3B480EEACAE0}" = rport=10243 | protocol=6 | dir=out | app=system | "{77A67C8D-B31C-43A4-A779-7526267D48C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A3ED809-3ABE-4B45-844A-99857C27097F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B2A3D4D-06E0-47D7-8578-5E85A33BBAAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D49024A-0583-4741-A4C9-A7C16ED8F8E2}" = lport=138 | protocol=17 | dir=in | app=system | "{8FC59084-4776-48DF-AA9C-A0297138FBA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A2323D98-7B35-437A-B679-1DCA0F99E344}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A28AF1A0-A278-4764-BE74-5E14A7647928}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF301AB5-46A0-4CBA-BCB9-211EEE623590}" = lport=2869 | protocol=6 | dir=in | app=system | "{C3C32029-0FCB-4E66-BF1F-EBD019DF100C}" = rport=137 | protocol=17 | dir=out | app=system | "{C51E85CC-E2BB-48CD-A2C8-68B38DFBD56F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CB07C2FF-279F-40DB-99BE-340D06356CD3}" = rport=139 | protocol=6 | dir=out | app=system | "{E75E353E-CE8E-44A2-B369-3B0FBA66A954}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E83D3960-C8D7-4501-95A5-37B7D696A814}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD3E4963-E698-4545-9C4F-E4823F26ACA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFEC4501-1E1B-42B2-97C2-25110D21A6D2}" = rport=138 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{063DBAE7-31A7-40AB-A84C-8E7EF326BD68}" = protocol=6 | dir=out | app=system | "{06A44F41-E1A1-481D-9D0C-650726007713}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{07CB244F-5A24-49E1-B4C2-30604E0E279D}" = protocol=6 | dir=in | app=c:\users\zbyszek\downloads\sweetimsetup.exe | "{11C06EBD-0953-46B8-B10A-FF4CB3C4DD54}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{148408CD-BB03-424E-A886-70D25498C902}" = protocol=6 | dir=in | app=c:\program files (x86)\dibanet\renderacclient.exe | "{1C19C29A-AB5E-435B-81EE-33C9AB206B7B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{382A1C2F-8629-4891-9674-316830629F4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C4233E7-F21B-41BC-B62C-F76B85E619CD}" = protocol=6 | dir=in | app=c:\program files (x86)\paneldesign\paneldesign.exe | "{3FF51D99-DE99-417D-94B0-C6BEC37D051E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4F5A427F-1307-43C0-A6E5-EEFBB883D021}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{53AC6F64-E8AF-4191-B40E-4CE588335A62}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5DC65014-A761-41F8-BC53-5A3F712B9836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62266628-8D15-42BD-82F1-860A00B20005}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F39D5EC-17E0-4C06-B556-5314A77E4925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F4C1038-4A42-45F6-835B-C0CFA103E496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7072A136-F602-436F-ACF8-6D7FCC4BF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{79A13A55-4803-4610-97B1-BB0F5966D060}" = protocol=6 | dir=in | app=c:\users\zbyszek\appdata\local\microsoft\windows\temporary internet files\content.ie5\jd5sf9cz\bella_meets_the_cullens_downloader_378b.exe | "{81F08DDA-6A32-46AE-907E-EBC5CFDE391C}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{86B409F9-AE03-4335-A64C-1612AA5967DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8E9095DD-0AF2-4C4A-BE5E-B8C5319AC204}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90A4C678-AF21-466E-B661-915D4C40C887}" = protocol=17 | dir=in | app=c:\users\zbyszek\appdata\local\microsoft\windows\temporary internet files\content.ie5\jd5sf9cz\bella_meets_the_cullens_downloader_378b.exe | "{95482D7E-51F6-46CC-A6E6-4DD7223036EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{961CEB77-A680-4D53-9A90-99BBC1AF43D6}" = protocol=17 | dir=in | app=c:\program files (x86)\paneldesign\paneldesign.exe | "{9826D67C-1557-434A-ACE7-2955DFD05378}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A406929F-27EF-4DA6-8031-821D79372819}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6234BD1-AA05-44C9-9094-C01ECB80B3E2}" = protocol=17 | dir=in | app=c:\program files (x86)\dibanet\dibanet.exe | "{A644FC9D-8CA0-40AF-8461-181E2E00CF18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A97D793B-1581-49A1-84EC-30EF98DB33B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C7DC6911-44E6-4DDB-8E08-583E06A8270E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CCE28075-517A-4990-A299-E9C315ACA136}" = protocol=17 | dir=in | app=c:\users\zbyszek\downloads\sweetimsetup.exe | "{D1D3C12F-E86A-420D-9F03-0A0BE888DC87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D6B46399-2C2D-40C2-881D-C920BC3AC6B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D95892C0-DD2F-4A91-8D6F-CAC0BFD7B44A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA9220A8-9F57-4264-A6C7-FAE5A68318DE}" = protocol=6 | dir=in | app=c:\program files (x86)\dibanet\dibanet.exe | "{E04A6461-CE5C-4605-BDC9-48EA3DA5B6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{EBC0B8C8-90E9-407A-9555-528971CC9B7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EC8119A9-EF78-4A95-92B1-CBD670C324F7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{ED6DE144-2B30-4F8A-8B38-61ABE641E7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\dibanet\renderacclient.exe | "TCP Query User{2CB92C8C-9F96-45CB-B4B0-841E2A30B825}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{92DC5D56-3910-4F31-8020-742B406FFB3A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{99F276E9-016B-4DC9-965F-4BA855DA9383}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{9F76A90B-0E29-4790-8B0E-6745FE94FAD2}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "TCP Query User{B4C5F119-6B37-4EEA-96DA-31594098A987}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "TCP Query User{F7813230-5ACE-4CCF-995C-6CF9E6F20C8D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{7E4F7FE4-173C-4903-BC63-66F98EB8B35A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{AA3F5958-E516-4107-8F53-9A734A9F59CA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{CF11103B-0C50-4F78-82E5-1D1BBF66769C}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "UDP Query User{D16A0C8E-0120-45C2-9F4D-5D61795E271F}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe | "UDP Query User{E07E3296-4BEF-4284-B95E-3D6392115796}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{E7D29E94-E1A5-46F5-B0FC-6028F819C6FF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{0844B6E1-0A6F-4D81-8BCF-48F883F521FE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{DE220B73-DE13-423F-ABE2-037B8F58BECD}" = PanelDesign Beta 1.07 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EF7DCBFC-D122-4B61-B46A-61458FCAEF24}" = DibaNet 8.08 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.3.2 "avast" = avast! Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "BrowserCompanion" = BrowserCompanion "facemoods" = Facemoods Toolbar "Gadu-Gadu 10" = Gadu-Gadu 10 "Giant Savings" = Giant Savings "Google Chrome" = Google Chrome "Hugo - Gorączka Czarnych Diamentów" = Hugo - Gorączka Czarnych Diamentów "JDownloader" = JDownloader "Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nowy Rozkrój Demo_is1" = Nowy Rozkrój Demo wersja 6.2.4 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PRO100 wersja 5 Demo_is1" = PRO100 wersja 5 Demo "Softonic" = Softonic toolbar on IE "Szkoła podstawowa klasa 5 - Tajemnice przyrody" = Szkoła podstawowa klasa 5 - Tajemnice przyrody "VLC media player" = VLC media player 1.1.11 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2861877135-977594196-4211332367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-04-23 15:20:34 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 01:36:38 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 07:50:22 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 09:46:38 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 10:10:05 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 12:02:37 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 13:00:07 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-24 14:11:47 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-25 01:54:38 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = Error - 2012-04-25 07:52:01 | Computer Name = Z | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 2011-10-03 12:23:39 | Computer Name = Z | Source = MCUpdate | ID = 0 Description = 18:23:39 - Błąd podczas nawiązywania połączenia z Internetem. 18:23:39 - Nie można skontaktować się z serwerem.. Error - 2012-04-22 09:42:29 | Computer Name = Z | Source = MCUpdate | ID = 0 Description = 15:42:27 - Błąd podczas nawiązywania połączenia z Internetem. 15:42:27 - Nie można skontaktować się z serwerem.. Error - 2012-04-22 12:52:42 | Computer Name = Z | Source = MCUpdate | ID = 0 Description = 18:52:41 - Błąd podczas nawiązywania połączenia z Internetem. 18:52:41 - Nie można skontaktować się z serwerem.. Error - 2012-04-22 12:53:14 | Computer Name = Z | Source = MCUpdate | ID = 0 Description = 18:53:11 - Błąd podczas nawiązywania połączenia z Internetem. 18:53:11 - Nie można skontaktować się z serwerem.. Error - 2012-05-14 13:11:17 | Computer Name = Z | Source = MCUpdate | ID = 0 Description = 19:11:17 - Nie można pobrać pakietu Directory (Błąd: Upłynął limit czasu operacji) [ System Events ] Error - 2012-07-09 09:02:44 | Computer Name = Z | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 14:23:58 na ?2012-?07-?09 było nieoczekiwane. Error - 2012-07-09 13:49:46 | Computer Name = Z | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2012-07-11 09:45:47 | Computer Name = Z | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 15:35:27 na ?2012-?07-?11 było nieoczekiwane. Error - 2012-07-13 14:30:08 | Computer Name = Z | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2012-07-15 09:10:33 | Computer Name = Z | Source = Service Control Manager | ID = 7031 Description = Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-07-15 09:12:29 | Computer Name = Z | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-07-15 09:12:52 | Computer Name = Z | Source = Service Control Manager | ID = 7031 Description = Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-07-15 09:13:33 | Computer Name = Z | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2012-07-15 09:14:12 | Computer Name = Z | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-07-15 09:15:00 | Computer Name = Z | Source = Service Control Manager | ID = 7023 Description = Usługa Windows Defender zakończyła działanie; wystąpił następujący błąd: %%126 < End of report >