BUBUs utworzono 24 czerwca 2013 utworzono 24 czerwca 2013 (edytowane) Witam, ostatnio pojawił się w moim komputerze wirus otwierający reklamy w operze. Przeskanowałem komputer za pomocą DR.WEB CureIt i znalazło AdWare, ale usuwanie go nic nie daje, dlatego zwracam się z prośbą o przejrzenie logów z mojego komputera: OTL [log] OTL logfile created on: 2013-06-24 13:37:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piotr\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 41,01% Memory free 7,90 Gb Paging File | 5,29 Gb Available in Paging File | 66,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 29,58 Gb Free Space | 37,91% Space Free | Partition Type: NTFS Drive D: | 195,21 Gb Total Space | 34,16 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive E: | 192,32 Gb Total Space | 175,14 Gb Free Space | 91,07% Space Free | Partition Type: NTFS Computer Name: PIOTR-KOMPUTER | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-06-24 13:29:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013-06-24 13:28:21 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013-06-24 13:28:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013-06-24 12:44:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe PRC - [2013-06-16 18:00:37 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2013-06-13 17:17:53 | 002,307,584 | ---- | M] () -- C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe PRC - [2013-06-07 22:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe PRC - [2013-06-07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe PRC - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-04-10 19:32:32 | 008,030,720 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-09-08 22:15:01 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe PRC - [2012-02-27 13:01:00 | 000,049,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe PRC - [2012-02-07 12:05:04 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-02-07 12:05:04 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-02-07 12:04:54 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012-02-07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-01-26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-11-29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011-05-19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe PRC - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-06-16 18:00:38 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2013-06-16 18:00:38 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013-06-16 18:00:38 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013-06-16 18:00:38 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013-06-16 18:00:38 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013-06-16 18:00:38 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013-06-16 18:00:38 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013-06-16 18:00:38 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013-06-16 18:00:38 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013-06-16 18:00:38 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013-06-16 18:00:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013-06-16 18:00:38 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013-06-13 17:17:53 | 002,307,584 | ---- | M] () -- C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe MOD - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013-02-02 23:21:10 | 004,176,896 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2013-01-29 15:10:14 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2013-01-28 10:39:26 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-11-26 13:47:11 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\471c9203ac2cc166ab3321f63d3bbc4a\Microsoft.VisualBasic.ni.dll MOD - [2012-11-26 13:38:22 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cacf7ee1ab1512e87629d7018aab6626\IAStorUtil.ni.dll MOD - [2012-11-26 13:38:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d348aa5cd0305abb9486a6a25897c417\IAStorCommon.ni.dll MOD - [2012-11-25 16:55:55 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll MOD - [2012-11-25 16:55:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll MOD - [2012-11-25 16:55:44 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d94dbbd0c84e503a6a1d192f768b45c8\PresentationFramework.ni.dll MOD - [2012-11-25 16:55:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012-11-25 16:55:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012-11-25 16:55:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012-11-25 16:55:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012-11-25 16:55:25 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46f9cb63a99278b3dd7d91766bf4969e\PresentationCore.ni.dll MOD - [2012-11-25 16:55:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll MOD - [2012-11-25 16:55:16 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012-11-25 16:55:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2012-08-31 13:02:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2009-07-14 19:55:04 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-07-14 19:55:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-12-19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2012-02-09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV:[b]64bit:[/b] - [2012-02-02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2011-10-19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-06-24 13:29:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013-06-24 13:28:21 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013-06-12 21:24:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-05-28 14:16:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-02-28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012-07-25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012-02-27 13:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R) SRV - [2012-02-07 12:05:04 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-02-07 12:05:04 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-02-07 12:04:54 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012-02-07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010-06-25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009-09-20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-06-24 13:29:29 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2013-06-24 13:29:29 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2013-06-24 13:29:29 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:[b]64bit:[/b] - [2013-06-24 11:58:57 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:[b]64bit:[/b] - [2013-05-01 17:51:07 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:[b]64bit:[/b] - [2012-12-19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012-12-19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-11-06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-10-26 20:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2012-09-09 14:19:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-09-08 22:15:01 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:[b]64bit:[/b] - [2012-03-01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:[b]64bit:[/b] - [2012-02-09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:[b]64bit:[/b] - [2012-02-09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:[b]64bit:[/b] - [2012-01-26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-01-26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-01-26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-01-13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:[b]64bit:[/b] - [2011-11-29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011-11-09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2011-09-21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:[b]64bit:[/b] - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-08-17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2011-08-17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011-08-17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2011-07-04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:[b]64bit:[/b] - [2011-05-10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:[b]64bit:[/b] - [2010-06-25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2009-11-18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-02-13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2012-07-13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Visual Studio 2012 PRO\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?l=dis&o=APN10234&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=0124181182344542&p2=^A8B^YYYYYY^YY^US IE - HKCU\..\URLSearchHook: {3cb073f3-be3c-4e8f-942d-8a747b54486f} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=A0EFBC5FF442C876 IE - HKCU\..\SearchScopes\{1584D16E-4060-4631-ACFC-227F4673A663}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=0124181182344542&p2=^A8B^YYYYYY^YY^US&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-13 21:02:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-13 21:02:21 | 000,000,000 | ---D | M] [2012-09-11 21:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotr\AppData\Roaming\mozilla\Extensions [2013-06-13 17:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotr\AppData\Roaming\mozilla\Firefox\Profiles\emhedo2x.default\extensions [2013-06-13 17:17:57 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Piotr\AppData\Roaming\mozilla\Firefox\Profiles\emhedo2x.default\extensions\plugin@getwebcake.com [2013-06-18 10:55:52 | 000,006,470 | ---- | M] () -- C:\Users\Piotr\AppData\Roaming\mozilla\firefox\profiles\emhedo2x.default\searchplugins\babylon.xml [2013-06-18 10:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013-05-28 14:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-05-28 14:16:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012-11-05 17:20:34 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [lollipop] c:\users\piotr\appdata\local\lollipop\lollipop.exe () O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKCU..\Run: [zASRockInstantBoot] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C06646B-D6B0-4631-99AC-A7E1403E0E38}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-06-24 13:35:20 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\Avira [2013-06-24 13:31:08 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013-06-24 13:29:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013-06-24 13:29:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013-06-24 13:29:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013-06-24 13:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013-06-24 13:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013-06-24 12:45:47 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Desktop\gmer [2013-06-24 12:44:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe [2013-06-18 10:56:11 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I [2013-06-18 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013-06-18 10:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013-06-18 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\Babylon [2013-06-18 10:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013-06-16 20:05:05 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Doctor Web [2013-06-16 17:55:00 | 013,168,216 | ---- | C] (Opera Software ASA) -- C:\Users\Piotr\Desktop\Opera_1215_int_Setup.exe [2013-06-13 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Local\SwvUpdater [2013-06-13 17:17:57 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\WebCake [2013-06-13 17:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake [2013-06-13 17:17:53 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Local\Lollipop [2013-06-13 17:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013-06-13 17:17:27 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\eIntaller [2013-06-13 17:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013-06-13 17:16:58 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\eDownload [2013-06-11 18:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2013-06-11 18:36:41 | 014,965,064 | ---- | C] (Google Inc.) -- C:\Users\Piotr\Desktop\picasa39-setup.exe [2013-05-28 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Desktop\brama [2013-05-28 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-06-24 13:39:05 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-06-24 13:31:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013-06-24 13:30:04 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013-06-24 13:29:29 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013-06-24 13:29:29 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013-06-24 13:29:29 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013-06-24 13:24:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-06-24 13:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013-06-24 13:02:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2013-06-24 12:45:22 | 000,368,554 | ---- | M] () -- C:\Users\Piotr\Desktop\gmer.zip [2013-06-24 12:44:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe [2013-06-24 12:06:12 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-06-24 12:06:12 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-06-24 11:58:57 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013-06-24 11:58:56 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-06-24 11:58:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013-06-24 11:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-06-24 11:58:41 | 3180,834,816 | -HS- | M] () -- C:\hiberfil.sys [2013-06-23 22:15:09 | 000,924,310 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-06-23 22:15:09 | 000,715,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-06-23 22:15:09 | 000,216,944 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-06-23 22:15:09 | 000,180,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-06-23 22:15:09 | 000,006,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-06-16 18:00:38 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2013-06-16 17:55:15 | 013,168,216 | ---- | M] (Opera Software ASA) -- C:\Users\Piotr\Desktop\Opera_1215_int_Setup.exe [2013-06-16 14:54:01 | 000,061,419 | ---- | M] () -- C:\Users\Piotr\Desktop\DSC09830.JPG [2013-06-13 17:12:28 | 000,423,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-06-12 21:24:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-06-12 21:24:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-06-11 18:38:25 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-06-11 18:37:29 | 014,965,064 | ---- | M] (Google Inc.) -- C:\Users\Piotr\Desktop\picasa39-setup.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-06-24 13:30:04 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013-06-24 12:45:22 | 000,368,554 | ---- | C] () -- C:\Users\Piotr\Desktop\gmer.zip [2013-06-16 18:00:38 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013-06-16 18:00:38 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2013-06-16 14:54:01 | 000,061,419 | ---- | C] () -- C:\Users\Piotr\Desktop\DSC09830.JPG [2013-06-13 17:18:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job [2013-06-13 17:17:57 | 000,001,968 | ---- | C] () -- C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk [2013-06-11 18:38:25 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-06-04 16:33:54 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-06-04 16:33:53 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-11-23 18:39:06 | 000,000,173 | ---- | C] () -- C:\Users\Piotr\AppData\Local\msmathematics.qat.Piotr [2012-09-13 21:00:03 | 000,211,167 | ---- | C] () -- C:\Windows\hpoins18.dat [2012-09-13 21:00:03 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2012-09-09 14:24:39 | 001,640,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-09-09 13:03:28 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2012-09-08 23:08:41 | 000,007,598 | ---- | C] () -- C:\Users\Piotr\AppData\Local\Resmon.ResmonCfg [2012-09-08 22:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-09-08 22:17:48 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012-09-08 22:17:48 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012-09-08 22:17:48 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012-09-08 22:17:46 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-09-08 22:17:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-09-08 22:15:07 | 000,000,003 | ---- | C] () -- C:\Users\Piotr\AppData\Local\user_data.ini [2012-07-28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-07-28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-02-02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/log] Extras [log] OTL Extras logfile created on: 2013-06-24 13:37:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piotr\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 41,01% Memory free 7,90 Gb Paging File | 5,29 Gb Available in Paging File | 66,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 29,58 Gb Free Space | 37,91% Space Free | Partition Type: NTFS Drive D: | 195,21 Gb Total Space | 34,16 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive E: | 192,32 Gb Total Space | 175,14 Gb Free Space | 91,07% Space Free | Partition Type: NTFS Computer Name: PIOTR-KOMPUTER | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08153F4D-E340-49D9-9D45-112C80385FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{262C8461-A858-4C6B-8852-4E9AD4C48EA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28CAF071-0027-4976-B319-1E4B89E2678B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33314407-D9AC-483B-B9E4-B01C8287D374}" = lport=2869 | protocol=6 | dir=in | app=system | "{372FA12B-6D44-4790-8A6F-ECFD6308D28D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C6EF491-D1CA-4A14-AAF2-DA7327E90847}" = rport=138 | protocol=17 | dir=out | app=system | "{623B20ED-B439-48B2-9F19-ADAFC4FF3596}" = lport=137 | protocol=17 | dir=in | app=system | "{6CBBDEEF-7E4A-4566-9DE2-65211E8C2BCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6E283786-E215-40C3-9BA3-5CC6A05417A4}" = rport=445 | protocol=6 | dir=out | app=system | "{7B17BFBA-DEC9-4315-AAA9-2AF20DC0E259}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B1FAACE-0059-4A04-AF53-739081E9B364}" = lport=445 | protocol=6 | dir=in | app=system | "{7D820134-CAA5-4EAC-A855-479CFB759685}" = rport=139 | protocol=6 | dir=out | app=system | "{8875B3F7-F058-412B-AADE-A07D4621FCEC}" = lport=10243 | protocol=6 | dir=in | app=system | "{91043EDB-6671-4BB0-9FB5-F8A252A1B519}" = lport=139 | protocol=6 | dir=in | app=system | "{9F9D5551-896B-425D-8928-A35EE5FE0A5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A46BE6BD-8FDB-4555-B5D6-941BA5C9C75D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B0F7D689-0116-4CE2-942A-107D649F69E6}" = rport=137 | protocol=17 | dir=out | app=system | "{BB4A25D7-42BE-464E-A6DF-332CE3E0D8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BD62AB18-654F-49CC-A9A6-718C1C08B14C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D21AEDC0-2379-4EAB-B8AB-B59E928FE834}" = rport=10243 | protocol=6 | dir=out | app=system | "{DD83AEAF-4617-4DEA-AB57-0B1DB909973A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E42B5105-9555-466B-BA49-B1467ACE85E8}" = lport=138 | protocol=17 | dir=in | app=system | "{E5E3EFBB-FCC7-4909-948D-B590A276F062}" = lport=3702 | protocol=17 | dir=in | app=e:\visual studio 2012 pro\common7\ide\devenv.exe | "{FFB54B51-6896-4522-B52B-65294C279AFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027098F3-51B7-4753-A0D4-9878A238DA5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{06307C54-7127-4DF5-8A61-37FDE6E1F4D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{12213CE6-90F1-448F-A9F9-402913C67631}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{17321DEF-053F-43D0-9385-74E2C7A2FEF3}" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\launchgtaiv.exe | "{174C177D-3E8F-472C-A635-3A8F5B7C4FC5}" = protocol=6 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "{1EB9CCF8-1BCE-4037-B033-417CFE253CB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{2022282C-CEFC-476C-A98F-779CA196BF33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{20EC9556-5B4D-401A-8DFD-150133AD83DC}" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\grand theft auto iv\launchgtaiv.exe | "{21525832-CB84-462F-9CFF-0B7CBF8F09B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{30BD5668-17B7-40FF-AA7A-3ABE3D53B24C}" = protocol=6 | dir=in | app=d:\gry\dirt 3\dirt3_game.exe | "{3B15AB4B-06EF-4418-A59F-E38EE5BB7D14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{3B854B84-932E-44CA-99B0-A1B9061BE67E}" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\launchgtaiv.exe | "{40C83E83-EDCC-4938-ACC7-A7D18DA828A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{4885BAD2-BB64-49E4-A087-E3FF18858B0C}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2012\pcm.exe | "{4A4F0EC1-6FAC-4F65-B4AB-214D513730BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{4B7782D0-E3F8-4C4F-AF06-707061B3598F}" = dir=in | app=c:\users\piotr\appdata\local\microsoft\skydrive\skydrive.exe | "{4CD9EB58-7CEE-466F-9459-3280FA036001}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{509B58A9-6D15-45CD-9276-8567EB57D0B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52528064-A85E-4374-A82B-6692182989CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53CED20D-2D7C-411D-B5BF-099B35D1A2E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{54051DCE-3B0C-4BF2-92FD-905E9A5FDBE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{56544BFC-F37C-45DD-A507-25D3779CAC33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{57BDF627-A2AA-4FD3-B874-D9EB045D80EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62475362-6DF1-4368-8C78-19FABA1034EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{6327CA1C-7A92-4253-88BA-69CC5EE7D623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B6AB44F-3F8B-45CE-8FC5-149E813DD027}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{7423A462-7982-46D1-90EE-81556C8F6A0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{76C455C1-258D-40D0-85F2-2A5709CFE2D8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{7A9684BF-E6AF-47F3-87FB-EBA409C276E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D0E66B7-7D82-411C-BEDA-83E42CFB6AD9}" = protocol=6 | dir=out | app=system | "{7D7687FF-B3D1-40F7-803E-C1966F39D3E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{7F059085-48B7-4DE3-ADBE-53DF4063553E}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2012\autorun\exe\autorun.exe | "{806EC712-1963-408E-A630-1CA3459CE6C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{80757DC9-089D-40CF-8D43-06103772EC94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{88EF2AF8-2776-49E0-A80B-C8D015F12305}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{901601E9-047A-4D75-B657-683892C5CDBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{91FBD99E-0384-4423-9F05-A80EC2D31332}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96A5FF22-1072-43CD-95B6-46260808FCD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{98FD62BE-AB3A-4679-8EE3-90EF1E142312}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2012\autorun\exe\autorun.exe | "{A4CEF440-7BAA-40E6-BFAC-F7A0A2312CCF}" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\grand theft auto iv\launchgtaiv.exe | "{A8B6212C-3714-4AEE-9769-7C317AF34AA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ABAC2427-41C8-4603-A0F9-1EFD4751C5D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{AEC26B2D-2FE2-4400-B8BE-A1025EE4C34C}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2012\pcm.exe | "{BE6AB972-9043-467D-852F-CCBE5B7D8616}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C4D76E4E-F814-4DA8-B14F-40E96F28C03B}" = protocol=17 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "{C778BEFE-7B82-4421-A995-872E4F12D884}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C9BB5A23-7151-4147-8933-E4EF5676B17B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{CAF24B5B-338F-4A7A-943F-A38076DCADA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{CE0D40C5-69C2-40C2-A9FB-FFDF0B97A75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF76AB42-A492-44CA-931A-D7BB90AC234D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D057D902-E3FF-4C52-8862-9456E47F84E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1B42449-D3F3-456D-BA4F-B1522800DD74}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{DEAF63A3-C501-4044-BBA3-B799146BA1B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6D89409-D6DB-4B4B-A7A9-9213B3A70A1C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E7138DDC-39CE-4BA4-841B-0E096D8F5149}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E78D5424-696D-454F-B05D-2B969970C67C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{EF0A1AAB-43CF-4086-AB71-61E612EFF26B}" = protocol=17 | dir=in | app=d:\gry\dirt 3\dirt3_game.exe | "{F8966163-B353-46A2-B32A-9CAA6E5E3015}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{F9FF1132-7B70-4E17-90CC-2D5D75AAE092}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "TCP Query User{3A6D93C6-21A8-4922-AEE0-F7EE48EE5BBF}D:\gry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\gtaiv.exe | "TCP Query User{48C0802F-35FA-4C1F-83F5-7EB6214E3155}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{57F6A478-BD62-49E9-BB1D-985B7B99CEF4}D:\gry\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{659B1B07-CEF1-42A7-BE15-90E2E7DFC431}D:\gry\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=d:\gry\need for speed most wanted\nfs13.exe | "TCP Query User{738DBC82-14F2-42DA-B3F2-D08372D015B9}D:\gry\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "TCP Query User{909A8F43-5ABF-4D0A-880E-C80B38EEFFDB}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "TCP Query User{92F7706D-E37B-4469-B5F1-48C47A3BED44}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{C96E5B5F-5D61-4779-A02E-B6DDA562C826}D:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe | "TCP Query User{FA798219-1E5D-4261-A71B-1AB02AE03F12}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{04CAE883-AE4D-4DF2-BCB7-C6E0052C161A}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{1E823AAD-EA8E-4847-9F02-449E2B4ABACE}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | "UDP Query User{34210AEA-38B0-4978-B39A-AE0C1004F61A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{3B315247-F582-42F8-8F7A-37C5D8FB0723}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{4F71AF5F-0E4B-441D-BA78-2955A2C2A4EF}D:\gry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\gtaiv.exe | "UDP Query User{502204E9-B9F5-4689-98F8-93690F5ED77B}D:\gry\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=d:\gry\need for speed most wanted\nfs13.exe | "UDP Query User{8277B2B2-318D-418B-B7D7-651CB9FC97C1}D:\gry\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{AB085396-C401-4E6B-8C14-CBF2CD2420C0}D:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe | "UDP Query User{E95768A1-8A74-4060-8253-2BA2CDFD6CB7}D:\gry\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{12ABC13D-6540-483D-92B9-30CE1667B002}" = Intel(R) Smart Connect Technology 2.0 x64 "{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack "{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F2BB264-6DF5-34F2-AD3E-A1C1C902D4E1}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote "{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64) "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites "{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools "{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU "{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express "{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Polski pakiet językowy dla programu Microsoft .NET Framework 4.5 PLK "{94C42BE9-B62A-3558-A793-AD49B354F7AA}" = Microsoft .NET Framework 4.5 PLK Language Pack "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64 "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 "{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0 "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit) "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64) "{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64) "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86 "{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU "422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9 "CCleaner" = CCleaner "DCS A-10C_is1" = DCS A-10C "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK" = Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Shop for HP Supplies" = Shop for HP Supplies "XFast LAN" = XFast LAN v6.61 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012 "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64 "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1164D725-1114-4EB4-A559-5CD80A50ED5D}" = Microsoft .NET Framework 4.5 SDK - PLK Lang Pack "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5 "{16DD6E8B-E10B-4B6D-BC2D-B2BF631094F2}" = Microsoft Visual Studio 2012 Preparation "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17c2e197-cf26-443b-8beb-53151940df3f}" = Microsoft Visual Studio Professional 2012 "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU "{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2418E58F-AB3B-3461-A0F6-623C4EF72E07}" = Microsoft Help Viewer 2.0 Language Pack - PLK "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv "{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100 "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2 "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3F851BBD-13F8-44C7-B9C9-64C55E97AC33}" = Program PIT 2012-2013 "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A5667B2-5D13-46C2-85B5-9D46A6096F61}" = Secure Download Manager "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012 "{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Intel(R) Small Business Advantage "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum) "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012 "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF3CB63-491B-48BB-A150-6791D0BC9AF7}" = Microsoft ASP.NET MVC 3 - PLK "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools "{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources "{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us "{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012 "{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack "{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack "{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3 "{E0E0C30A-89AF-11E0-951E-11904824019B}_is1" = CPU Speed Pro version 3 "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU "{E9F7A418-C569-4F1C-8907-0536163F25FE}" = Microsoft ASP.NET Web Pages - PLK "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00) "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework "{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "AQQ" = WapSter AQQ "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.191 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29 "Avira AntiVir Desktop" = Avira Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CWK" = CWK (Czasowy Wyłącznik Komputera) "DAEMON Tools Lite" = DAEMON Tools Lite "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0 "Microsoft Help Viewer 2.0 Language Pack - PLK" = Microsoft Help Viewer 2.0 Language Pack - PLK "Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted "OpenAL" = OpenAL "Opera 12.15.1748" = Opera 12.15 "Origin" = Origin "Picasa 3" = Picasa 3 "Pro Cycling Manager 2012_is1" = Pro Cycling Manager - Season 2012 version 1.3.0.0 "Q-Typing 1.3_is1" = Q-Typing 1.3 "SopCast" = SopCast 3.5.0 "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "SpeedFan" = SpeedFan (remove only) "Uprising44_is1" = Uprising44 1.0.3 "uTorrent" = µTorrent "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "XFastUSB" = XFastUSB [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dr.WEB CureIt! Packages" = Dr.WEB CureIt! Packages "lollipop" = Lollipop "SkyDriveSetup.exe" = Microsoft SkyDrive [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-06-11 12:33:50 | Computer Name = Piotr-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-06-11 12:33:50 | Computer Name = Piotr-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error - 2013-06-11 12:33:50 | Computer Name = Piotr-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error - 2013-06-11 13:06:12 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-11 17:30:46 | Computer Name = Piotr-Komputer | Source = EventSystem | ID = 4621 Description = Error - 2013-06-12 02:58:48 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-12 04:11:39 | Computer Name = Piotr-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2013-06-12 04:11:40 | Computer Name = Piotr-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2013-06-12 04:11:56 | Computer Name = Piotr-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 2013-06-12 08:50:03 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-12 13:50:06 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = [ Intel(R) SBA Events ] Error - 2012-11-14 14:07:42 | Computer Name = Piotr-Komputer | Source = Intel(R) Small Business Advantage Service | ID = 28672 Description = A critical error occurred. If restarting the computer does not solve the problem, please reinstall Intel(R) Small Business Advantage. System.Management.ManagementException: Shutting down w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) w System.Management.SinkForEventQuery.Cancel() w System.Management.ManagementEventWatcher.Stop() w System.Management.ManagementEventWatcher.Finalize() Error - 2013-05-02 12:55:05 | Computer Name = Piotr-Komputer | Source = Intel(R) Small Business Advantage Service | ID = 28672 Description = A critical error occurred. If restarting the computer does not solve the problem, please reinstall Intel(R) Small Business Advantage. System.Management.ManagementException: Shutting down w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) w System.Management.SinkForEventQuery.Cancel() w System.Management.ManagementEventWatcher.Stop() w System.Management.ManagementEventWatcher.Finalize() [ System Events ] Error - 2013-06-24 04:17:41 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2013-06-24 05:59:27 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 05:59:27 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 05:59:27 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 05:59:34 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 < End of report > [/log] Gmer [log] GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-24 12:58:29 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: gmer.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\awddrkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2044] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007759d03c 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_freealldevs] [18000daf0] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_close] [180017870] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_setfilter] [180017590] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_next_ex] [180017050] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_datalink] [180017130] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_compile] [180004640] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_findalldevs] [180002340] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_datalink_val_to_name] [180017240] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_setsampling] [180011840] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_lookupnet] [18000dd70] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2384] @ C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll[wpcap.dll!pcap_freecode] [1800027b0] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\wpcap.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef760741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7605f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7605674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7605e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7607f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7606a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7606ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7607b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7607ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef76078b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7604fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7605d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1288] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7607584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.1 ---- Thread C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe [3200:4692] 00000000022e32f6 Thread C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe [3200:4696] 00000000022f8e17 Thread C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe [3200:4700] 00000000022f19d6 Thread C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe [3200:4704] 00000000022ff627 Thread C:\Users\Piotr\AppData\Local\Lollipop\Lollipop.exe [3200:4708] 00000000022d39f2 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5136:5640] 000007fefbdc2a88 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5136:5648] 000007feeb1cc0b0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5136:5360] 000007fef86a5124 Thread C:\Windows\System32\svchost.exe [1228:2604] 000007fef61f9688 ---- EOF - GMER 2.1 ---- [/log] EDIT: Już poprawione, dodane nowe logi.
Zayfi komentarz 24 czerwca 2013 komentarz 24 czerwca 2013 Brakuje loga Extras z OTL. Opcja rejestr skan dodatkowy była zaznaczona? 1. Z panelu programów odinstaluj BrowserDefender 2. Uruchom OTL i w oknie Własne opcje skanowania/ skrypt wklej :OTL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/w...8B^YYYYYY^YY^US IE - HKCU\..\URLSearchHook: {3cb073f3-be3c-4e8f-942d-8a747b54486f} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...YYYYYY^YY^US&q={searchTerms} FF - prefs.js..browser.search.selectedEngine: "Delta Search" O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [lollipop] c:\users\piotr\appdata\local\lollipop\lollipop.exe () O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKCU..\Run: [zASRockInstantBoot] File not found :Files C:\Users\Piotr\AppData\Roaming\mozilla\Firefox\Profiles\emhedo2x.default\extensions\plugin@getwebcake.com C:\Users\Piotr\AppData\Roaming\mozilla\firefox\profiles\emhedo2x.default\searchplugins\babylon.xml C:\Users\Piotr\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I C:\Users\Piotr\AppData\Local\Lollipop C:\Program Files (x86)\WebCake C:\Users\Piotr\AppData\Roaming\WebCake :Commands [emptytemp] Kliknij w Wykonaj skrypt. 3. Pobierz ADWCleaner i wykonaj skan > przedstaw raport http://general-changelog-team.fr/outils/289-adwcleaner 4 Wykonaj nowy skan OTL i przedstaw raport. 1
BUBUs komentarz 24 czerwca 2013 Autor komentarz 24 czerwca 2013 (edytowane) Zamieszczam raport z ADW: [log] # AdwCleaner v2.303 - Log utworzony 24/06/2013 o 18:27:32 # Aktualizacja 08/06/2013 przez Xplode # System operacyjny : Windows 7 Ultimate (64 bits) # Użytkownik : Piotr - PIOTR-KOMPUTER # Tryb uruchomienia : Normalny # Ścieżka : C:\Users\Piotr\Desktop\AdwCleaner.exe # Opcja [Szukaj] ***** [Usługi] ***** Znaleziono : WebCake Desktop Updater ***** [Pliki / Foldery] ***** Folder Znaleziono : C:\Program Files (x86)\WebCake Folder Znaleziono : C:\ProgramData\Babylon Folder Znaleziono : C:\ProgramData\BrowserDefender Folder Znaleziono : C:\ProgramData\DeviceVM Folder Znaleziono : C:\ProgramData\eSafe Folder Znaleziono : C:\ProgramData\Tarma Installer Folder Znaleziono : C:\Users\Piotr\AppData\Local\lollipop Folder Znaleziono : C:\Users\Piotr\AppData\Local\SwvUpdater Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\Ask.com Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\Babylon Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\DeviceVM Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\eDownload Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\eIntaller Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\emhedo2x.default\extensions\plugin@getwebcake.com Folder Znaleziono : C:\Users\Piotr\AppData\Roaming\WebCake Plik Znaleziono : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml Plik Znaleziono : C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\emhedo2x.default\searchplugins\Babylon.xml Plik Znaleziono : C:\Windows\Tasks\AmiUpdXp.job ***** [Rejestr] ***** Klucz Znaleziono : HKCU\Software\BabSolution Klucz Znaleziono : HKCU\Software\DataMngr Klucz Znaleziono : HKCU\Software\DataMngr_Toolbar Klucz Znaleziono : HKCU\Software\InstallCore Klucz Znaleziono : HKCU\Software\lollipop Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Klucz Znaleziono : HKLM\Software\Babylon Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL Klucz Znaleziono : HKLM\SOFTWARE\Classes\Prod.cap Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} Klucz Znaleziono : HKLM\SOFTWARE\Classes\Updater.AmiUpd Klucz Znaleziono : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Klucz Znaleziono : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api Klucz Znaleziono : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1 Klucz Znaleziono : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers Klucz Znaleziono : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1 Klucz Znaleziono : HKLM\Software\DataMngr Klucz Znaleziono : HKLM\Software\eSafeSecControl Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\a68b8fb26eee13 Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CB073F3-BE3C-4E8F-942D-8A747B54486F} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Klucz Znaleziono : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Klucz Znaleziono : HKLM\SOFTWARE\Tarma Installer Klucz Znaleziono : HKU\S-1-5-21-1340242540-120796152-2005457312-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Znaleziono : HKU\S-1-5-21-1340242540-120796152-2005457312-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3CB073F3-BE3C-4E8F-942D-8A747B54486F}] Wartość Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v9.0.8112.16490 -\\ Mozilla Firefox v21.0 (pl) Plik : C:\Users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\emhedo2x.default\prefs.js Znaleziono : user_pref("browser.search.selectedEngine", "Delta Search"); -\\ Google Chrome v [Nie udało się określić wersji] Plik : C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Plik w porządku. -\\ Opera v12.15.1748.0 Plik : C:\Users\Piotr\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Plik w porządku. ************************* AdwCleaner[R1].txt - [6531 octets] - [24/06/2013 18:27:32] ########## EOF - C:\AdwCleaner[R1].txt - [6591 octets] ########## [/log] OTL: [log] OTL logfile created on: 2013-06-24 18:33:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piotr\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,64% Memory free 7,90 Gb Paging File | 6,32 Gb Available in Paging File | 80,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 24,54 Gb Free Space | 31,46% Space Free | Partition Type: NTFS Drive D: | 195,21 Gb Total Space | 34,16 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive E: | 192,32 Gb Total Space | 175,14 Gb Free Space | 91,07% Space Free | Partition Type: NTFS Computer Name: PIOTR-KOMPUTER | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2013-06-24 13:29:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013-06-24 13:28:21 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013-06-24 13:28:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013-06-24 12:44:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe PRC - [2013-06-07 22:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe PRC - [2013-06-07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-04-10 19:32:32 | 008,030,720 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2013-02-28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012-09-08 22:15:01 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe PRC - [2012-02-07 12:04:56 | 000,133,400 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe PRC - [2012-02-07 12:04:54 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012-02-07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-01-26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011-11-29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011-05-19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe PRC - [2011-03-28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe PRC - [2009-07-14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe========== Modules (No Company Name) ========== MOD - [2013-06-24 15:08:36 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\53a29ef851c9ac0aebd618f54f53799f\IAStorUtil.ni.dll MOD - [2013-06-24 15:06:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013-06-24 15:06:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013-06-24 15:06:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013-06-24 15:06:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013-06-24 15:06:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013-06-24 15:05:58 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013-06-24 15:05:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013-02-02 23:21:10 | 004,176,896 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2013-01-29 15:10:14 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2013-01-28 10:39:26 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-12-12 07:32:37 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012-11-25 16:55:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2012-10-06 12:54:27 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012-10-06 12:54:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012-04-06 02:49:40 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012-04-06 02:49:40 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012-04-06 02:49:39 | 004,214,784 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2009-07-14 19:55:04 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-07-14 19:55:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009-06-10 23:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009-06-10 23:23:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2009-06-10 23:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009-06-10 23:23:03 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2009-06-10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll========== Services (SafeList) ========== SRV:64bit: - [2012-12-19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012-02-09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV:64bit: - [2012-02-02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2011-10-19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-06-24 13:29:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013-06-24 13:28:21 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013-06-12 21:24:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-05-28 14:16:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-02-28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012-07-25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012-02-27 13:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R) SRV - [2012-02-07 12:05:04 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-02-07 12:05:04 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-02-07 12:04:54 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012-02-07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-04-01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-03-28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010-06-25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009-09-20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ========== DRV:64bit: - [2013-06-24 18:31:36 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013-06-24 13:29:29 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013-06-24 13:29:29 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013-06-24 13:29:29 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013-05-01 17:51:07 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2012-12-19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-12-19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-11-06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012-10-26 20:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012-09-09 14:19:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012-09-08 22:15:01 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012-07-17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012-03-01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-02-09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012-02-09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012-02-09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012-01-26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012-01-26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012-01-26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012-01-13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011-11-29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011-09-21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011-08-17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011-08-17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011-08-17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011-07-04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011-05-10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-06-25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009-11-18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-07-14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-02-13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2012-07-13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Visual Studio 2012 PRO\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?l=dis&o=APN10234&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=0124181182344542&p2=^A8B^YYYYYY^YY^US IE - HKCU\..\URLSearchHook: {3cb073f3-be3c-4e8f-942d-8a747b54486f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=A0EFBC5FF442C876 IE - HKCU\..\SearchScopes\{1584D16E-4060-4631-ACFC-227F4673A663}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=0124181182344542&p2=^A8B^YYYYYY^YY^US&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-13 21:02:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-13 21:02:21 | 000,000,000 | ---D | M] [2012-09-11 21:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotr\AppData\Roaming\mozilla\Extensions [2013-06-13 17:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotr\AppData\Roaming\mozilla\Firefox\Profiles\emhedo2x.default\extensions [2013-06-13 17:17:57 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Piotr\AppData\Roaming\mozilla\Firefox\Profiles\emhedo2x.default\extensions\plugin@getwebcake.com [2013-06-18 10:55:52 | 000,006,470 | ---- | M] () -- C:\Users\Piotr\AppData\Roaming\mozilla\firefox\profiles\emhedo2x.default\searchplugins\babylon.xml [2013-06-18 10:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013-05-28 14:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-05-28 14:16:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012-11-05 17:20:34 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml========== Chrome ========== CHR - Extension: No name found = C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla\2.0_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll File not found O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Piotr\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKCU..\Run: [zASRockInstantBoot] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C06646B-D6B0-4631-99AC-A7E1403E0E38}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ========== [2013-06-24 18:23:56 | 000,000,000 | ---D | C] -- C:\_OTL [2013-06-24 14:41:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013-06-24 14:41:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013-06-24 14:36:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-06-24 14:36:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-06-24 14:36:27 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-06-24 14:36:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013-06-24 14:36:27 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-06-24 14:36:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-06-24 14:36:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-06-24 14:36:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-06-24 14:36:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-06-24 14:36:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-06-24 14:36:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-06-24 14:36:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-06-24 14:36:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-06-24 14:36:26 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-06-24 14:36:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-06-24 14:36:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-06-24 14:36:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013-06-24 14:36:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013-06-24 14:36:26 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-06-24 14:36:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-06-24 14:36:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-06-24 14:36:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-06-24 14:36:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013-06-24 14:36:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-06-24 14:36:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-06-24 14:36:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013-06-24 14:36:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-06-24 14:36:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-06-24 14:36:26 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-06-24 14:36:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-06-24 14:36:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-06-24 14:36:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-06-24 14:36:25 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-06-24 14:36:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-06-24 14:36:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-06-24 14:36:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-06-24 14:36:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-06-24 14:36:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-06-24 14:36:25 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-06-24 14:36:25 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-06-24 14:36:25 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-06-24 14:36:25 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013-06-24 14:36:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-24 14:36:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-06-24 14:36:25 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-06-24 14:36:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-06-24 14:36:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-06-24 14:36:25 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-06-24 14:36:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013-06-24 14:36:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-06-24 14:36:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013-06-24 14:36:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-06-24 14:36:25 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-06-24 14:36:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-06-24 14:36:25 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013-06-24 14:36:25 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-06-24 14:36:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-06-24 14:36:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-06-24 14:36:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-06-24 14:36:25 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-06-24 14:36:25 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-06-24 14:36:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-06-24 14:36:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-06-24 14:36:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-06-24 14:36:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-06-24 14:36:25 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-06-24 14:36:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-06-24 14:36:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-06-24 14:36:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-06-24 14:36:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-06-24 14:36:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-06-24 14:36:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-06-24 14:30:55 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013-06-24 14:30:55 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013-06-24 14:30:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013-06-24 14:30:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013-06-24 14:30:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013-06-24 14:30:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013-06-24 14:30:37 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013-06-24 14:30:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013-06-24 14:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013-06-24 14:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013-06-24 14:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013-06-24 14:23:16 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2013-06-24 14:23:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013-06-24 14:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013-06-24 14:03:21 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Local\Windows Live [2013-06-24 14:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2013-06-24 14:03:00 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013-06-24 14:03:00 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013-06-24 14:03:00 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013-06-24 14:03:00 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2013-06-24 14:03:00 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013-06-24 14:02:59 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2013-06-24 14:02:59 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2013-06-24 13:54:34 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2013-06-24 13:54:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2013-06-24 13:54:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013-06-24 13:54:33 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2013-06-24 13:54:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013-06-24 13:54:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2013-06-24 13:54:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2013-06-24 13:53:57 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013-06-24 13:53:57 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013-06-24 13:53:56 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013-06-24 13:53:56 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013-06-24 13:53:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013-06-24 13:53:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013-06-24 13:52:57 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2013-06-24 13:51:46 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013-06-24 13:51:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013-06-24 13:51:46 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013-06-24 13:51:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013-06-24 13:51:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013-06-24 13:51:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013-06-24 13:51:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013-06-24 13:51:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013-06-24 13:51:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013-06-24 13:51:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013-06-24 13:51:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013-06-24 13:51:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013-06-24 13:51:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013-06-24 13:51:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013-06-24 13:51:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013-06-24 13:51:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013-06-24 13:51:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013-06-24 13:51:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013-06-24 13:51:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013-06-24 13:51:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013-06-24 13:51:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013-06-24 13:51:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013-06-24 13:51:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013-06-24 13:51:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013-06-24 13:51:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013-06-24 13:51:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013-06-24 13:51:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013-06-24 13:51:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013-06-24 13:51:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013-06-24 13:51:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013-06-24 13:51:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013-06-24 13:51:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013-06-24 13:49:44 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013-06-24 13:49:44 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013-06-24 13:49:44 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013-06-24 13:49:44 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2013-06-24 13:49:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2013-06-24 13:49:44 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2013-06-24 13:49:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2013-06-24 13:49:29 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013-06-24 13:49:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013-06-24 13:49:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013-06-24 13:49:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013-06-24 13:49:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-06-24 13:49:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013-06-24 13:49:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-06-24 13:49:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013-06-24 13:49:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-06-24 13:49:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013-06-24 13:49:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-06-24 13:49:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-06-24 13:49:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-06-24 13:49:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-06-24 13:49:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-06-24 13:49:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-06-24 13:49:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-06-24 13:49:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-06-24 13:49:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-06-24 13:49:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-06-24 13:49:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-06-24 13:49:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-06-24 13:49:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-06-24 13:49:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-06-24 13:49:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-06-24 13:49:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-06-24 13:49:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-06-24 13:49:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-06-24 13:48:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013-06-24 13:48:00 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013-06-24 13:47:57 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013-06-24 13:47:57 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013-06-24 13:47:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013-06-24 13:47:48 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2013-06-24 13:47:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2013-06-24 13:47:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2013-06-24 13:47:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2013-06-24 13:47:17 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013-06-24 13:47:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013-06-24 13:47:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013-06-24 13:47:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013-06-24 13:47:14 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2013-06-24 13:47:14 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2013-06-24 13:47:14 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2013-06-24 13:47:14 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2013-06-24 13:47:14 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2013-06-24 13:47:14 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2013-06-24 13:47:14 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2013-06-24 13:47:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2013-06-24 13:47:14 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2013-06-24 13:47:14 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2013-06-24 13:47:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2013-06-24 13:47:14 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2013-06-24 13:47:14 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2013-06-24 13:47:14 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2013-06-24 13:47:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2013-06-24 13:47:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2013-06-24 13:47:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2013-06-24 13:47:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2013-06-24 13:47:08 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013-06-24 13:47:08 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013-06-24 13:47:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013-06-24 13:46:58 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-06-24 13:46:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-06-24 13:46:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-06-24 13:46:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013-06-24 13:46:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013-06-24 13:46:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013-06-24 13:46:47 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013-06-24 13:46:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013-06-24 13:46:41 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2013-06-24 13:46:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013-06-24 13:46:35 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013-06-24 13:46:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013-06-24 13:46:34 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013-06-24 13:46:34 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013-06-24 13:46:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013-06-24 13:46:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013-06-24 13:46:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013-06-24 13:46:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013-06-24 13:46:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2013-06-24 13:46:33 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013-06-24 13:46:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013-06-24 13:46:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2013-06-24 13:46:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013-06-24 13:46:29 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013-06-24 13:46:21 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013-06-24 13:46:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013-06-24 13:46:10 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013-06-24 13:46:10 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2013-06-24 13:46:06 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013-06-24 13:46:00 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013-06-24 13:46:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013-06-24 13:45:58 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2013-06-24 13:45:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2013-06-24 13:36:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013-06-24 13:35:20 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\Avira [2013-06-24 13:31:08 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013-06-24 13:29:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013-06-24 13:29:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013-06-24 13:29:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013-06-24 13:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013-06-24 13:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013-06-24 12:45:47 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Desktop\gmer [2013-06-24 12:44:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe [2013-06-18 10:56:11 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I [2013-06-18 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\Babylon [2013-06-18 10:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013-06-16 20:05:05 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Doctor Web [2013-06-16 17:55:00 | 013,168,216 | ---- | C] (Opera Software ASA) -- C:\Users\Piotr\Desktop\Opera_1215_int_Setup.exe [2013-06-13 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Local\SwvUpdater [2013-06-13 17:17:57 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\WebCake [2013-06-13 17:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake [2013-06-13 17:17:53 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Local\Lollipop [2013-06-13 17:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013-06-13 17:17:27 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\eIntaller [2013-06-13 17:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013-06-13 17:16:58 | 000,000,000 | ---D | C] -- C:\Users\Piotr\AppData\Roaming\eDownload [2013-06-11 18:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2013-06-11 18:36:41 | 014,965,064 | ---- | C] (Google Inc.) -- C:\Users\Piotr\Desktop\picasa39-setup.exe [2013-05-28 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Piotr\Desktop\brama [2013-05-28 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-06-24 18:31:47 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2013-06-24 18:31:43 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-06-24 18:31:43 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013-06-24 18:31:36 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013-06-24 18:31:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-06-24 18:31:21 | 3180,834,816 | -HS- | M] () -- C:\hiberfil.sys [2013-06-24 18:27:11 | 000,648,201 | ---- | M] () -- C:\Users\Piotr\Desktop\AdwCleaner.exe [2013-06-24 18:24:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-06-24 18:20:25 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-06-24 15:06:32 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-06-24 15:06:32 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-06-24 14:58:39 | 000,423,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-06-24 14:36:27 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-06-24 14:36:27 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-06-24 14:36:27 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-06-24 14:36:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2013-06-24 14:36:27 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-06-24 14:36:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-06-24 14:36:27 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-06-24 14:36:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-06-24 14:36:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-06-24 14:36:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-06-24 14:36:27 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-06-24 14:36:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-06-24 14:36:26 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-06-24 14:36:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-06-24 14:36:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-06-24 14:36:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-06-24 14:36:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2013-06-24 14:36:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2013-06-24 14:36:26 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-06-24 14:36:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-06-24 14:36:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-06-24 14:36:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-06-24 14:36:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2013-06-24 14:36:26 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-06-24 14:36:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-06-24 14:36:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2013-06-24 14:36:26 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-06-24 14:36:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013-06-24 14:36:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-06-24 14:36:26 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-06-24 14:36:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-06-24 14:36:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-06-24 14:36:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-06-24 14:36:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-06-24 14:36:25 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-06-24 14:36:25 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-06-24 14:36:25 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-06-24 14:36:25 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-06-24 14:36:25 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-06-24 14:36:25 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-06-24 14:36:25 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-06-24 14:36:25 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-06-24 14:36:25 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2013-06-24 14:36:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-24 14:36:25 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-06-24 14:36:25 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-06-24 14:36:25 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-06-24 14:36:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-06-24 14:36:25 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-06-24 14:36:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2013-06-24 14:36:25 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-06-24 14:36:25 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2013-06-24 14:36:25 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-06-24 14:36:25 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-06-24 14:36:25 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-06-24 14:36:25 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2013-06-24 14:36:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-06-24 14:36:25 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-06-24 14:36:25 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-06-24 14:36:25 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-06-24 14:36:25 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-06-24 14:36:25 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-06-24 14:36:25 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-06-24 14:36:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-06-24 14:36:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-06-24 14:36:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013-06-24 14:36:25 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-06-24 14:36:25 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-06-24 14:36:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-06-24 14:36:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-06-24 14:36:25 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-06-24 14:36:25 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-06-24 14:36:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-06-24 14:36:24 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-06-24 13:31:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013-06-24 13:30:04 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013-06-24 13:29:29 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013-06-24 13:29:29 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013-06-24 13:29:29 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013-06-24 13:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013-06-24 12:45:22 | 000,368,554 | ---- | M] () -- C:\Users\Piotr\Desktop\gmer.zip [2013-06-24 12:44:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotr\Desktop\OTL.exe [2013-06-23 22:15:09 | 000,924,310 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-06-23 22:15:09 | 000,715,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-06-23 22:15:09 | 000,216,944 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-06-23 22:15:09 | 000,180,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-06-23 22:15:09 | 000,006,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-06-16 18:00:38 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2013-06-16 17:55:15 | 013,168,216 | ---- | M] (Opera Software ASA) -- C:\Users\Piotr\Desktop\Opera_1215_int_Setup.exe [2013-06-16 14:54:01 | 000,061,419 | ---- | M] () -- C:\Users\Piotr\Desktop\DSC09830.JPG [2013-06-12 21:24:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-06-12 21:24:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-06-11 18:38:25 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-06-11 18:37:29 | 014,965,064 | ---- | M] (Google Inc.) -- C:\Users\Piotr\Desktop\picasa39-setup.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files Created - No Company Name ========== [2013-06-24 18:27:08 | 000,648,201 | ---- | C] () -- C:\Users\Piotr\Desktop\AdwCleaner.exe [2013-06-24 14:41:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013-06-24 14:36:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013-06-24 14:36:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013-06-24 14:30:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013-06-24 13:30:04 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013-06-24 12:45:22 | 000,368,554 | ---- | C] () -- C:\Users\Piotr\Desktop\gmer.zip [2013-06-16 18:00:38 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013-06-16 18:00:38 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2013-06-16 14:54:01 | 000,061,419 | ---- | C] () -- C:\Users\Piotr\Desktop\DSC09830.JPG [2013-06-13 17:18:05 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job [2013-06-11 18:38:25 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2013-06-04 16:33:54 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-06-04 16:33:53 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-11-23 18:39:06 | 000,000,173 | ---- | C] () -- C:\Users\Piotr\AppData\Local\msmathematics.qat.Piotr [2012-09-13 21:00:03 | 000,211,167 | ---- | C] () -- C:\Windows\hpoins18.dat [2012-09-13 21:00:03 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2012-09-09 14:24:39 | 001,640,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-09-09 13:03:28 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2012-09-08 23:08:41 | 000,007,598 | ---- | C] () -- C:\Users\Piotr\AppData\Local\Resmon.ResmonCfg [2012-09-08 22:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-09-08 22:17:48 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012-09-08 22:17:48 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012-09-08 22:17:48 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012-09-08 22:17:46 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-09-08 22:17:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-09-08 22:15:07 | 000,000,003 | ---- | C] () -- C:\Users\Piotr\AppData\Local\user_data.ini [2012-07-28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-07-28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-02-02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/log] Extras: [log] OTL Extras logfile created on: 2013-06-24 18:33:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piotr\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,64% Memory free 7,90 Gb Paging File | 6,32 Gb Available in Paging File | 80,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 24,54 Gb Free Space | 31,46% Space Free | Partition Type: NTFS Drive D: | 195,21 Gb Total Space | 34,16 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive E: | 192,32 Gb Total Space | 175,14 Gb Free Space | 91,07% Space Free | Partition Type: NTFS Computer Name: PIOTR-KOMPUTER | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (All) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1========== Authorized Applications List ==================== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08153F4D-E340-49D9-9D45-112C80385FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{262C8461-A858-4C6B-8852-4E9AD4C48EA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28CAF071-0027-4976-B319-1E4B89E2678B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33314407-D9AC-483B-B9E4-B01C8287D374}" = lport=2869 | protocol=6 | dir=in | app=system | "{372FA12B-6D44-4790-8A6F-ECFD6308D28D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C6EF491-D1CA-4A14-AAF2-DA7327E90847}" = rport=138 | protocol=17 | dir=out | app=system | "{623B20ED-B439-48B2-9F19-ADAFC4FF3596}" = lport=137 | protocol=17 | dir=in | app=system | "{6CBBDEEF-7E4A-4566-9DE2-65211E8C2BCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6E283786-E215-40C3-9BA3-5CC6A05417A4}" = rport=445 | protocol=6 | dir=out | app=system | "{7B17BFBA-DEC9-4315-AAA9-2AF20DC0E259}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B1FAACE-0059-4A04-AF53-739081E9B364}" = lport=445 | protocol=6 | dir=in | app=system | "{7D820134-CAA5-4EAC-A855-479CFB759685}" = rport=139 | protocol=6 | dir=out | app=system | "{8875B3F7-F058-412B-AADE-A07D4621FCEC}" = lport=10243 | protocol=6 | dir=in | app=system | "{91043EDB-6671-4BB0-9FB5-F8A252A1B519}" = lport=139 | protocol=6 | dir=in | app=system | "{9F9D5551-896B-425D-8928-A35EE5FE0A5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A46BE6BD-8FDB-4555-B5D6-941BA5C9C75D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B0F7D689-0116-4CE2-942A-107D649F69E6}" = rport=137 | protocol=17 | dir=out | app=system | "{BB4A25D7-42BE-464E-A6DF-332CE3E0D8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BD62AB18-654F-49CC-A9A6-718C1C08B14C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D21AEDC0-2379-4EAB-B8AB-B59E928FE834}" = rport=10243 | protocol=6 | dir=out | app=system | "{DD83AEAF-4617-4DEA-AB57-0B1DB909973A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E42B5105-9555-466B-BA49-B1467ACE85E8}" = lport=138 | protocol=17 | dir=in | app=system | "{E5E3EFBB-FCC7-4909-948D-B590A276F062}" = lport=3702 | protocol=17 | dir=in | app=e:\visual studio 2012 pro\common7\ide\devenv.exe | "{FFB54B51-6896-4522-B52B-65294C279AFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027098F3-51B7-4753-A0D4-9878A238DA5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{06307C54-7127-4DF5-8A61-37FDE6E1F4D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{12213CE6-90F1-448F-A9F9-402913C67631}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{17321DEF-053F-43D0-9385-74E2C7A2FEF3}" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\launchgtaiv.exe | "{174C177D-3E8F-472C-A635-3A8F5B7C4FC5}" = protocol=6 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "{1EB9CCF8-1BCE-4037-B033-417CFE253CB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{2022282C-CEFC-476C-A98F-779CA196BF33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{20EC9556-5B4D-401A-8DFD-150133AD83DC}" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\grand theft auto iv\launchgtaiv.exe | "{21525832-CB84-462F-9CFF-0B7CBF8F09B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{30BD5668-17B7-40FF-AA7A-3ABE3D53B24C}" = protocol=6 | dir=in | app=d:\gry\dirt 3\dirt3_game.exe | "{3B15AB4B-06EF-4418-A59F-E38EE5BB7D14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{3B854B84-932E-44CA-99B0-A1B9061BE67E}" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\launchgtaiv.exe | "{40C83E83-EDCC-4938-ACC7-A7D18DA828A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{4885BAD2-BB64-49E4-A087-E3FF18858B0C}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2012\pcm.exe | "{4A4F0EC1-6FAC-4F65-B4AB-214D513730BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{4B7782D0-E3F8-4C4F-AF06-707061B3598F}" = dir=in | app=c:\users\piotr\appdata\local\microsoft\skydrive\skydrive.exe | "{4CD9EB58-7CEE-466F-9459-3280FA036001}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{509B58A9-6D15-45CD-9276-8567EB57D0B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52528064-A85E-4374-A82B-6692182989CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53CED20D-2D7C-411D-B5BF-099B35D1A2E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{54051DCE-3B0C-4BF2-92FD-905E9A5FDBE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{56544BFC-F37C-45DD-A507-25D3779CAC33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{57BDF627-A2AA-4FD3-B874-D9EB045D80EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62475362-6DF1-4368-8C78-19FABA1034EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{6327CA1C-7A92-4253-88BA-69CC5EE7D623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B6AB44F-3F8B-45CE-8FC5-149E813DD027}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{7423A462-7982-46D1-90EE-81556C8F6A0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{76C455C1-258D-40D0-85F2-2A5709CFE2D8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{7A9684BF-E6AF-47F3-87FB-EBA409C276E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D0E66B7-7D82-411C-BEDA-83E42CFB6AD9}" = protocol=6 | dir=out | app=system | "{7D7687FF-B3D1-40F7-803E-C1966F39D3E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{7F059085-48B7-4DE3-ADBE-53DF4063553E}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2012\autorun\exe\autorun.exe | "{806EC712-1963-408E-A630-1CA3459CE6C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{80757DC9-089D-40CF-8D43-06103772EC94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{88EF2AF8-2776-49E0-A80B-C8D015F12305}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{901601E9-047A-4D75-B657-683892C5CDBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{91FBD99E-0384-4423-9F05-A80EC2D31332}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96A5FF22-1072-43CD-95B6-46260808FCD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{98FD62BE-AB3A-4679-8EE3-90EF1E142312}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2012\autorun\exe\autorun.exe | "{A4CEF440-7BAA-40E6-BFAC-F7A0A2312CCF}" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\grand theft auto iv\launchgtaiv.exe | "{A8B6212C-3714-4AEE-9769-7C317AF34AA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ABAC2427-41C8-4603-A0F9-1EFD4751C5D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{AEC26B2D-2FE2-4400-B8BE-A1025EE4C34C}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2012\pcm.exe | "{BE6AB972-9043-467D-852F-CCBE5B7D8616}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C4D76E4E-F814-4DA8-B14F-40E96F28C03B}" = protocol=17 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "{C778BEFE-7B82-4421-A995-872E4F12D884}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C9BB5A23-7151-4147-8933-E4EF5676B17B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{CAF24B5B-338F-4A7A-943F-A38076DCADA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{CE0D40C5-69C2-40C2-A9FB-FFDF0B97A75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF76AB42-A492-44CA-931A-D7BB90AC234D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D057D902-E3FF-4C52-8862-9456E47F84E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1B42449-D3F3-456D-BA4F-B1522800DD74}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{DEAF63A3-C501-4044-BBA3-B799146BA1B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E6D89409-D6DB-4B4B-A7A9-9213B3A70A1C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E7138DDC-39CE-4BA4-841B-0E096D8F5149}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E78D5424-696D-454F-B05D-2B969970C67C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{EF0A1AAB-43CF-4086-AB71-61E612EFF26B}" = protocol=17 | dir=in | app=d:\gry\dirt 3\dirt3_game.exe | "{F8966163-B353-46A2-B32A-9CAA6E5E3015}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{F9FF1132-7B70-4E17-90CC-2D5D75AAE092}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "TCP Query User{3A6D93C6-21A8-4922-AEE0-F7EE48EE5BBF}D:\gry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\gta iv\grand theft auto iv\gtaiv.exe | "TCP Query User{48C0802F-35FA-4C1F-83F5-7EB6214E3155}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{57F6A478-BD62-49E9-BB1D-985B7B99CEF4}D:\gry\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{659B1B07-CEF1-42A7-BE15-90E2E7DFC431}D:\gry\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=d:\gry\need for speed most wanted\nfs13.exe | "TCP Query User{738DBC82-14F2-42DA-B3F2-D08372D015B9}D:\gry\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe | "TCP Query User{909A8F43-5ABF-4D0A-880E-C80B38EEFFDB}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "TCP Query User{92F7706D-E37B-4469-B5F1-48C47A3BED44}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{C96E5B5F-5D61-4779-A02E-B6DDA562C826}D:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe | "TCP Query User{FA798219-1E5D-4261-A71B-1AB02AE03F12}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{04CAE883-AE4D-4DF2-BCB7-C6E0052C161A}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{1E823AAD-EA8E-4847-9F02-449E2B4ABACE}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | "UDP Query User{34210AEA-38B0-4978-B39A-AE0C1004F61A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{3B315247-F582-42F8-8F7A-37C5D8FB0723}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe | "UDP Query User{4F71AF5F-0E4B-441D-BA78-2955A2C2A4EF}D:\gry\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\gta iv\grand theft auto iv\gtaiv.exe | "UDP Query User{502204E9-B9F5-4689-98F8-93690F5ED77B}D:\gry\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=d:\gry\need for speed most wanted\nfs13.exe | "UDP Query User{8277B2B2-318D-418B-B7D7-651CB9FC97C1}D:\gry\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=d:\gry\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{AB085396-C401-4E6B-8C14-CBF2CD2420C0}D:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\torrent\csgo\3dmgame-counter-strike.global.offensive.beta.steam-3dm\counter-strike.global.offensive.beta.steam-3dm\counter-strike global offensive\csgo.exe | "UDP Query User{E95768A1-8A74-4060-8253-2BA2CDFD6CB7}D:\gry\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\gry\fifa 13\game\fifa13.exe |========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0AB1CEAD-FF24-33F8-8A25-292A8E835822}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{12ABC13D-6540-483D-92B9-30CE1667B002}" = Intel(R) Smart Connect Technology 2.0 x64 "{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack "{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote "{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64) "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites "{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools "{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU "{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Polski pakiet językowy dla programu Microsoft .NET Framework 4.5 PLK "{94C42BE9-B62A-3558-A793-AD49B354F7AA}" = Microsoft .NET Framework 4.5 PLK Language Pack "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64 "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 "{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0 "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit) "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64) "{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64) "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86 "{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU "422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9 "CCleaner" = CCleaner "DCS A-10C_is1" = DCS A-10C "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK" = Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Shop for HP Supplies" = Shop for HP Supplies "XFast LAN" = XFast LAN v6.61 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012 "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64 "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1164D725-1114-4EB4-A559-5CD80A50ED5D}" = Microsoft .NET Framework 4.5 SDK - PLK Lang Pack "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012 "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5 "{16DD6E8B-E10B-4B6D-BC2D-B2BF631094F2}" = Microsoft Visual Studio 2012 Preparation "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17c2e197-cf26-443b-8beb-53151940df3f}" = Microsoft Visual Studio Professional 2012 "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU "{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2418E58F-AB3B-3461-A0F6-623C4EF72E07}" = Microsoft Help Viewer 2.0 Language Pack - PLK "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv "{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100 "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2 "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3F851BBD-13F8-44C7-B9C9-64C55E97AC33}" = Program PIT 2012-2013 "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4A5667B2-5D13-46C2-85B5-9D46A6096F61}" = Secure Download Manager "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012 "{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Intel(R) Small Business Advantage "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum) "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012 "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF3CB63-491B-48BB-A150-6791D0BC9AF7}" = Microsoft ASP.NET MVC 3 - PLK "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools "{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources "{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us "{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012 "{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack "{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack "{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3 "{E0E0C30A-89AF-11E0-951E-11904824019B}_is1" = CPU Speed Pro version 3 "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU "{E9F7A418-C569-4F1C-8907-0536163F25FE}" = Microsoft ASP.NET Web Pages - PLK "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00) "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework "{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "AQQ" = WapSter AQQ "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.191 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29 "Avira AntiVir Desktop" = Avira Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CWK" = CWK (Czasowy Wyłącznik Komputera) "DAEMON Tools Lite" = DAEMON Tools Lite "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0 "Microsoft Help Viewer 2.0 Language Pack - PLK" = Microsoft Help Viewer 2.0 Language Pack - PLK "Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted "OpenAL" = OpenAL "Opera 12.15.1748" = Opera 12.15 "Origin" = Origin "Picasa 3" = Picasa 3 "Pro Cycling Manager 2012_is1" = Pro Cycling Manager - Season 2012 version 1.3.0.0 "Q-Typing 1.3_is1" = Q-Typing 1.3 "SopCast" = SopCast 3.5.0 "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "SpeedFan" = SpeedFan (remove only) "Uprising44_is1" = Uprising44 1.0.3 "uTorrent" = µTorrent "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "XFastUSB" = XFastUSB========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dr.WEB CureIt! Packages" = Dr.WEB CureIt! Packages "SkyDriveSetup.exe" = Microsoft SkyDrive========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-06-07 11:53:17 | Computer Name = Piotr-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 2013-06-07 14:13:54 | Computer Name = Piotr-Komputer | Source = EventSystem | ID = 4621 Description = Error - 2013-06-07 16:56:21 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 02:50:25 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 03:39:38 | Computer Name = Piotr-Komputer | Source = EventSystem | ID = 4621 Description = Error - 2013-06-08 07:51:19 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 08:12:37 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 09:13:43 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 14:35:24 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = Error - 2013-06-08 15:42:34 | Computer Name = Piotr-Komputer | Source = EventSystem | ID = 4621 Description = Error - 2013-06-09 00:21:17 | Computer Name = Piotr-Komputer | Source = ISCT Agent | ID = 1003 Description = [ Intel(R) SBA Events ] Error - 2012-11-14 14:07:42 | Computer Name = Piotr-Komputer | Source = Intel(R) Small Business Advantage Service | ID = 28672 Description = A critical error occurred. If restarting the computer does not solve the problem, please reinstall Intel(R) Small Business Advantage. System.Management.ManagementException: Shutting down w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) w System.Management.SinkForEventQuery.Cancel() w System.Management.ManagementEventWatcher.Stop() w System.Management.ManagementEventWatcher.Finalize() Error - 2013-05-02 12:55:05 | Computer Name = Piotr-Komputer | Source = Intel(R) Small Business Advantage Service | ID = 28672 Description = A critical error occurred. If restarting the computer does not solve the problem, please reinstall Intel(R) Small Business Advantage. System.Management.ManagementException: Shutting down w System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) w System.Management.SinkForEventQuery.Cancel() w System.Management.ManagementEventWatcher.Stop() w System.Management.ManagementEventWatcher.Finalize() [ System Events ] Error - 2013-06-24 12:30:41 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 12:32:36 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 12:32:36 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 12:32:36 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2013-06-24 12:32:54 | Computer Name = Piotr-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 < End of report > [/log]
Zayfi komentarz 24 czerwca 2013 komentarz 24 czerwca 2013 zamknij wszystkie przeglądarki. Uruchom AdwCleaner i zastosuj opcję Usuń. Zdaj relację czy reklamy dalej są. 1
BUBUs komentarz 24 czerwca 2013 Autor komentarz 24 czerwca 2013 Reklamy zniknęły. Dzięki za pomoc w ich usunięciu :) Pojawiły się natomiast, po wykonaniu raportu AdwCleanerem pliki o nazwach: -deskop.ini (2 razy) -~Sotokół.dot Mam je usunąć?
Zayfi komentarz 24 czerwca 2013 komentarz 24 czerwca 2013 Mam je usunąć? Nie. Nic nie usuwaj. Uruchom OTL i kliknij Sprzątanie. Daj znać po restarcie czy pliczki się schowały. jest teraz właczona opcja pokazywania ukrytych plików. 1
BUBUs komentarz 24 czerwca 2013 Autor komentarz 24 czerwca 2013 Wszystko zniknęło, problem rozwiązany. Jeszcze raz dzięki !
Zayfi komentarz 24 czerwca 2013 komentarz 24 czerwca 2013 Na koniec uruchom ADWCleaner i kliknij Odinstaluj. To wszystko. 1
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.