OTL Extras logfile created on: 2012-07-17 15:41:18 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,98 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,97% Memory free 15,95 Gb Paging File | 14,42 Gb Available in Paging File | 90,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 15,41 Gb Free Space | 31,55% Space Free | Partition Type: NTFS Drive D: | 137,34 Gb Total Space | 43,40 Gb Free Space | 31,60% Space Free | Partition Type: NTFS Drive E: | 136,72 Gb Total Space | 22,13 Gb Free Space | 16,19% Space Free | Partition Type: NTFS Drive F: | 49,71 Gb Total Space | 27,26 Gb Free Space | 54,85% Space Free | Partition Type: NTFS Computer Name: GLOWNY | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14759956-B231-460B-9480-867FB1F204BD}" = lport=2869 | protocol=6 | dir=in | app=system | "{2CF43660-6CBD-4C15-B647-A2BD926CFBA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2D8BC4BB-EF4A-4917-8197-FC5150EAED59}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4491E61C-102C-4E36-A462-DDA7C2046C35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{464EC901-2A04-4CC4-BADF-4E9BBFD959A0}" = rport=137 | protocol=17 | dir=out | app=system | "{56C144EB-1A48-492B-8794-4C9F3D6834D3}" = lport=138 | protocol=17 | dir=in | app=system | "{579BAE7A-0E98-4164-A8CB-6E69B263C630}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{62799AB6-F75C-4D53-BBEF-FDFED538B8B8}" = rport=139 | protocol=6 | dir=out | app=system | "{6CB91B3C-60ED-48E0-910E-9108BACAB463}" = lport=137 | protocol=17 | dir=in | app=system | "{7993E3ED-70C4-4C5A-87C9-1D027215ED54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8027130C-D69D-4BB1-9094-62DD5781BBC0}" = lport=445 | protocol=6 | dir=in | app=system | "{98755F4C-198A-4F47-B8B4-FB592AFCCF62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B2E7CB68-4E15-4166-925A-8369F6F9BBC1}" = lport=10243 | protocol=6 | dir=in | app=system | "{B5E803A0-E2C1-4E18-8A41-3EB61BA775CD}" = lport=139 | protocol=6 | dir=in | app=system | "{BE7BC136-5669-4B0C-BA27-2322C39363D0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC45EF2E-F638-4937-AD16-301FE5845E4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE6DC37C-BAD7-49C5-963C-CCF0A0A55B82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D410FFFB-FE2E-4FB1-8CAE-B9E29E867B44}" = rport=10243 | protocol=6 | dir=out | app=system | "{DDE9B006-F7C7-4D30-9479-7CF23582676B}" = rport=138 | protocol=17 | dir=out | app=system | "{E013E059-16C5-4EDB-88CE-5D14C26800C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3C30DFE-8D80-4311-9796-1C7543A60E14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E97DF7D7-17AC-416F-827B-416953061A6E}" = rport=445 | protocol=6 | dir=out | app=system | "{F232BBBB-4D5E-4586-95F5-B991CBE0C0E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CB822A-33F5-4877-84CE-9303192780C6}" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\rpu.exe | "{143528B0-27F6-493D-A34E-E05696A137E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1539DDA4-4232-42E6-AE77-21ED36F48C9E}" = protocol=6 | dir=out | app=system | "{164731B2-C63D-4705-B062-212DDBC5053C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{16C8F7DE-F561-4168-A3E4-CC46E701C73D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{18A44C1A-EC94-48F0-99C2-8B6BD40ECC57}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\origin.exe | "{1D5EE1DD-74D9-456C-832F-4E79BE29819D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{22E1A347-F50F-4494-BEC1-D11425503D5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2BBFFE18-4DC0-48C1-95C2-69E43BDAA05C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3080BC42-7B79-4AA1-9773-D2EC10405FE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{35F6B3A2-C1EA-4DD4-A7A8-525F1F679543}" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\erfeditor.exe | "{415CFAC5-6013-4963-B69B-D735D1480F2C}" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\rpu.exe | "{4C80FC86-2372-494A-8AF9-46A2605DBA35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4F3E7551-6522-4978-9E3B-0F69E94AFA0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{53A231FD-6F92-4DA8-B641-825AA34A1777}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{597BE822-F53B-40BC-A53E-DED8F282A167}" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\gffeditor.exe | "{5B9E259E-C910-41F7-A3D4-F8BED98271AB}" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\erfeditor.exe | "{5EDC7188-126F-4CEE-ADA1-AA49C5CD0FFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5FA006D2-1811-44F1-8313-D8F1DEA95090}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{70B72438-F208-4133-A13D-5A0B0E955E54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{87BFC8EA-75F9-46AF-8B58-35687E9A268C}" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\lightmapper\eclipseray.exe | "{8CB5B2F1-8968-41BA-8339-42DA047B8C26}" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\gffeditor.exe | "{93145B7A-99AC-4EC4-90F9-0796330B3B59}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9D2BF12F-CE09-4F57-B643-6A369CED2508}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9D40EA94-BA20-4FA6-88E5-C4A9A004791B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{9ED9AECD-C899-4468-BB95-2CF69BD4C8B2}" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\lightmapper\eclipseray.exe | "{B49A301C-7704-47C2-A9EB-8A67BD3A84C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C646684A-87F6-4D7B-ABC6-EF185DB58366}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CA24D5EA-40A1-433E-B8C2-47D3C05CE12E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{CB7CC33F-D646-47CF-BFD8-59847090CE2D}" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\dragonagetoolset.exe | "{D60B3CF6-0A63-4256-BD78-0614BD78882D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D65BCD3C-D59E-454B-B18A-55E7B9F1AECF}" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\tools\dragonagetoolset.exe | "{E040E73E-F7C9-4F31-8C26-AC6B0C2BA45A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\origin.exe | "{EDDFD6BC-DC09-409B-9553-2B1EF1DC47B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EEDAFE4A-B5C6-4735-8F7F-D03AC3B903BE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{F666B111-2E97-49E8-A9A4-BC670CD58CD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F68D89FF-5831-49A9-92FF-2D7797E385E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAE97852-4B94-44E9-954C-8C55E6918B39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0D03397C-F2EC-49AA-BBF5-152AE8677742}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{189D9E58-42FF-48D9-8D6B-6D07C6C8F00B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{1CF6B066-3122-4C31-92AE-E63284DE6164}E:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe | "TCP Query User{45CC6CEC-0903-4C39-BDD7-6581436FB19C}E:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe | "TCP Query User{9DF99C5B-E335-40B8-8C27-626680C81DC1}E:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe | "TCP Query User{A40C649C-4BBC-40CD-BC1E-73114CFFB6E3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{ACD31893-9696-479E-8F93-34AFFE1725B0}E:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe" = protocol=6 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe | "UDP Query User{0D4DDA09-E215-4D52-9E3B-4C65A5DDE0AA}E:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe | "UDP Query User{40AF2E0B-DF7D-4947-8F11-6F78E39887F8}E:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\daorigins.exe | "UDP Query User{57FAD7CB-DED2-48E8-80C2-92EA94A6AB6C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{955D203A-C912-4BDC-AE5B-1A8581701D4C}E:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe | "UDP Query User{B05101F6-F9C7-4C11-8A7A-6FA83C7254B0}E:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe" = protocol=17 | dir=in | app=e:\gry2\gry - origins\dragon age origins pl\bin_ship\eacoreserver.exe | "UDP Query User{B394532A-51A0-4914-8608-5040E4651323}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{DC282EB9-1B3E-4263-B997-180EB66C6C5A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders "{B374E6A8-501F-4BC0-BA59-4EE78F06B3B2}" = Oracle VM VirtualBox 4.1.10 "{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Airytec Switch Off" = Airytec Switch Off "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406 "Explorer Suite_is1" = Explorer Suite III "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{207E4051-D715-4DFB-AD24-81C7EF3B49DB}" = The Bat! Professional v4.0.38 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET) "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{88561496-997E-46E6-B481-AE254E7F1045}" = Nero 7 Premium "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age Początek "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility "{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = OSCAR Editor "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center "AC3Filter_is1" = AC3Filter 2.2a "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Astroburn Lite" = Astroburn Lite "Astroburn Toolbar" = Astroburn Toolbar "avast" = avast! Free Antivirus "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation "EA Installer.-1887752899" = EA Installer "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foxit Reader_is1" = Foxit Reader 5.0 "Free Download Manager_is1" = Free Download Manager 3.0 "FXAA Post Process Injector" = FXAA Post Process Injector "Gadu-Gadu" = Gadu-Gadu 7.7 "Gothic" = Gothic "Gothic 3 - Quest Pack 4 PL" = Gothic 3 - Quest Pack 4 PL "InstallShield_{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = Anti-Vibrate Oscar Editor "MagniDriver" = marvell 91xx driver "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "Opera 12.00.1467" = Opera 12.00 "Origin" = Origin "SAM" = Samozatrudnienie "Teleport Pro" = Teleport Pro "The Elder Scrolls IV - Oblivion - Złota edycja_is1" = The Elder Scrolls IV - Oblivion - Złota edycja "The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim "Totalcmd" = Total Commander (Remove or Repair) "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-15 09:04:11 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-15 13:59:37 | Computer Name = Glowny | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2012-07-17 08:34:14 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 08:36:11 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 08:37:59 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 08:46:48 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 09:06:41 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 09:07:09 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 09:29:27 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2012-07-17 09:29:41 | Computer Name = Glowny | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. [ OSession Events ] Error - 2011-12-25 11:48:47 | Computer Name = Glowny | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2984 seconds with 1500 seconds of active time. This session ended with a crash. [ System Events ] Error - 2012-07-17 09:05:06 | Computer Name = Glowny | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2012-07-17 09:05:06 | Computer Name = Glowny | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2012-07-17 09:05:06 | Computer Name = Glowny | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2012-07-17 09:05:06 | Computer Name = Glowny | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2012-07-17 09:05:12 | Computer Name = Glowny | Source = Service Control Manager | ID = 7001 Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2012-07-17 09:06:57 | Computer Name = Glowny | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error - 2012-07-17 09:06:57 | Computer Name = Glowny | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error - 2012-07-17 09:15:18 | Computer Name = Glowny | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-07-17 09:16:19 | Computer Name = Glowny | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2012-07-17 09:16:44 | Computer Name = Glowny | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. < End of report >