Lov3las3K utworzono 22 grudnia 2013 utworzono 22 grudnia 2013 Cześć dziś postanowiłem wyczyścić laptopa beż żadnych formatów itp... Mianowicie mam problem z programami jakie odinstalować żeby nie uszkodzić systemu. Wrzucę zżuty z ekranu i napiszcie mi pod spodem jakie programy usunąć a jakie zostawić. Dobrze by było gdybyście napisali do czego służy jaki program. Z góry dzięki i dodaje SS. 1. 2.
konndzzio komentarz 22 grudnia 2013 komentarz 22 grudnia 2013 usuń wszystko z ASUS w nazwie :),, a tak na serio to ja widzę optymizer pro (głupi skubanie) czekaj na Natsuki Kuga, wpada co jakiś czas i załatwia wszystko, i na przyszłość rób logi z programów np. OTL, bo potem taki Natsuki je sprawdza i widzi wszystko co niechciane i sporządza skrypt który jest usunie 1
Lov3las3K komentarz 22 grudnia 2013 Autor komentarz 22 grudnia 2013 Okey to czekam na Natsuki a co do logów to jak je robić ?
konndzzio komentarz 22 grudnia 2013 komentarz 22 grudnia 2013 http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/ 1
Lov3las3K komentarz 22 grudnia 2013 Autor komentarz 22 grudnia 2013 Jest to OTL.txt wyskoczyło mi tylko jedno ;/ [spoiler]OTL logfile created on: 2013-12-22 20:25:07 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16750) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 31,44% Memory free 5,82 Gb Paging File | 3,18 Gb Available in Paging File | 54,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 58,52 Gb Free Space | 49,08% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 125,06 Gb Free Space | 81,28% Space Free | Partition Type: NTFS Drive E: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,45 Gb Total Space | 4,75 Gb Free Space | 63,73% Space Free | Partition Type: FAT32 Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013-01-29 14:28:32 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012-09-19 15:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe PRC - [2011-12-16 07:55:44 | 000,187,696 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll MOD - [2013-12-04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011-08-07 12:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-09-15 13:21:32 | 001,762,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2013-01-29 14:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:[b]64bit:[/b] - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:[b]64bit:[/b] - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-09-19 23:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack) SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-04-01 09:58:44 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:[b]64bit:[/b] - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:[b]64bit:[/b] - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:[b]64bit:[/b] - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:[b]64bit:[/b] - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:[b]64bit:[/b] - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:[b]64bit:[/b] - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:[b]64bit:[/b] - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/p/?LinkId=255141"]http://go.microsoft.com/fwlink/p/?LinkId=255141[/url] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://start.mysearchdial.com/results.php?f=4&q=%7BsearchTerms%7D&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url] IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=ASUTDF&pc=NP06&src=IE-SearchBox"]http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox[/url] IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/p/?LinkId=255141"]http://go.microsoft.com/fwlink/p/?LinkId=255141[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\???????????????????: "URL" = [url="http://start.mysearchdial.com/results.php?f=4&q=%7BsearchTerms%7D&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url] IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=ASUTDF&pc=NP06&src=IE-SearchBox"]http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox[/url] IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [url="http://www.google.com/search?sourceid=ie7&q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&rlz=1I7ASUT"]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url] IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url] IE - HKLM\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = [url="http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://asus.msn.com"]http://asus.msn.com[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://asus.msn.com"]http://asus.msn.com[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = [url="http://search.softonic.com/MON00085/tb_v1?q=%7BsearchTerms%7D&SearchSource=4&cc="]http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://www1.delta-search.com/?q=%7BsearchTerms%7D&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266"]http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [url="http://www.google.com/search?sourceid=ie7&q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&rlz=1I7ASUT"]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid="]http://isearch.avg.com/search?cid=[/url]{39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = [url="http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q=%7BsearchTerms%7D&locale=&apn_ptnrs=%5EAAU&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54"]http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = [url="http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search=%7BsearchTerms%7D&i=26"]http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/pbr/pbr_1337255565_676030 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.bing.com"]http://www.bing.com[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.bing.com"]http://www.bing.com[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = [url="http://search.softonic.com/MON00085/tb_v1?q=%7BsearchTerms%7D&SearchSource=4&cc="]http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://www1.delta-search.com/?q=%7BsearchTerms%7D&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266"]http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid="]http://isearch.avg.com/search?cid=[/url]{39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = [url="http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q=%7BsearchTerms%7D&locale=&apn_ptnrs=%5EAAU&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54"]http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = [url="http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search=%7BsearchTerms%7D&i=26"]http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url] IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Toggle" FF - prefs.js..browser.search.defaulturl: "[url="http://websearch.mocaflix.com/?l=1&q="]http://websearch.mocaflix.com/?l=1&q="[/url] FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0 FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: 4179 FF - prefs.js..network.proxy.type: FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.startup.homepage: FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions [2013-12-22 08:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions [2013-06-16 09:02:38 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2012-03-09 19:04:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-04-17 21:25:03 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com [2012-11-25 00:11:54 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com [2012-06-23 12:00:28 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com [2013-06-16 09:02:37 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com [2012-03-19 18:42:18 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com [2012-12-18 19:34:01 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-06-16 09:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged [2012-04-17 21:39:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire [2012-05-09 20:38:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire [2012-05-10 18:12:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire [2012-05-09 20:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012-09-07 16:31:24 | 000,002,337 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml [2013-07-14 22:57:03 | 000,006,507 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml [2012-11-25 00:11:58 | 000,002,444 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml [2013-07-14 22:57:30 | 000,001,294 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml [2012-11-25 00:13:23 | 000,002,548 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml [2013-06-16 09:02:36 | 000,000,837 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml [2012-03-19 18:42:15 | 000,002,060 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml [2012-04-12 22:04:10 | 000,003,969 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml [2012-04-17 21:25:12 | 000,000,415 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml [2012-11-05 20:01:57 | 000,000,544 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: [url="http://mystart.incredibar.com/?a=6R8wRCAOLn&loc=skw"]http://mystart.incredibar.com/?a=6R8wRCAOLn&loc=skw[/url] CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: SaveAs = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldbdpifcabigkamfcijfeknijijcddk\2_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\ CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\ CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: SaveAs = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldbdpifcabigkamfcijfeknijijcddk\2_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\ CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found. O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD) O3 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd () O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Google Update] C:\Users\Dawid\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Google Update] C:\Users\Dawid\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [lollipop] c:\users\dawid\appdata\local\lollipop\lollipop.exe () O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe () O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\base64 - No CLSID value found O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\chrome - No CLSID value found O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\prox - No CLSID value found O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-08-04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III [2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013-12-22 08:32:56 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster [2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher [2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-16 03:05:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-16 03:05:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-16 03:05:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-16 03:05:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-16 03:05:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-16 03:05:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-16 03:05:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-16 03:05:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-16 03:05:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-16 03:05:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-16 03:05:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-16 03:05:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-16 03:05:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-16 03:05:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-16 03:05:18 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl [2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe [2013-12-07 12:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-07 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\InstallShield [2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon [2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games [2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM [2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk [2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords [2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder [2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-12-22 20:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-12-22 20:02:02 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job [2013-12-22 19:56:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job [2013-12-22 19:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job [2013-12-22 19:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-22 08:43:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-22 08:43:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-22 08:33:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-22 08:32:22 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job [2013-12-22 08:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-12-22 08:31:02 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys [2013-12-22 00:14:00 | 000,001,092 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk [2013-12-21 17:41:02 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-12-21 17:41:02 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-12-21 17:41:02 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-12-21 17:41:02 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-12-21 17:41:02 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-12-20 20:34:06 | 000,014,775 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-12-20 20:34:06 | 000,014,775 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3 [2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3 [2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3 [2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html [2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat [2013-06-16 09:02:47 | 000,423,709 | ---- | C] () -- C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS [2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll [2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft [2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA [2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus [2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage [2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity [2012-01-18 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Babylon [2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent [2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon [2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite [2012-10-28 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DefaultTab [2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder [2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla [2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10 [2013-12-22 10:11:16 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG [2013-11-25 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\HoolappForAndroid [2012-07-06 07:59:52 | 000,000,000 | RHSD | M] -- C:\Users\Dawid\AppData\Roaming\install [2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter [2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech [2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient [2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2 [2013-06-16 09:02:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\mysearchdial [2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance [2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM [2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera [2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software [2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin [2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee [2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer [2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot [2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony [2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF [2012-06-06 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Thinstall [2013-12-19 22:53:07 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client [2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 < End of report > [/spoiler] Ref ? ;/
Natsuki Kuga komentarz 24 grudnia 2013 komentarz 24 grudnia 2013 Jest to OTL.txt wyskoczyło mi tylko jedno ;/ Na pewno zaznaczyłeś wszystko tak, jak na podanym obrazku? Czy aby na pewno korzystasz ze wszystkich programów, które są na tych screenach?1. Na początek do deinstalacji: Internet Explorer Toolbar 4.6 by Sweet Packs, Lollipop, MyPC Backup, Mysearchdial, Optimizer Pro1, SweetPacks bundle uninstaller.2. W przeglądarkach poszukaj dodatków i odinstaluj: mysearchdial Toolbar, MySearchDial, DealPly, Browser Companion Helper, Babylon Toolbar, Softonic Toolbar3. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ): :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1649205658&ir= IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1649205658&ir= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1649205658&ir= IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearc...=1649205658&ir= IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC} IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc= IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...archTerms}&i=26 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 FF - prefs.js..browser.search.defaultthis.engineName: "Toggle" FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...ix.com/?l=1&q=" FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: 4179 FF - prefs.js..browser.search.defaultengine: "Ask.com" [2013-06-16 09:02:38 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2012-03-09 19:04:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-04-17 21:25:03 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com [2012-11-25 00:11:54 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com [2012-06-23 12:00:28 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com [2013-06-16 09:02:37 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com [2012-03-19 18:42:18 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com [2012-12-18 19:34:01 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-06-16 09:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged [2012-04-17 21:39:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire [2012-05-09 20:38:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire [2012-05-10 18:12:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire [2012-05-09 20:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012-09-07 16:31:24 | 000,002,337 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml [2013-07-14 22:57:03 | 000,006,507 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml [2012-11-25 00:11:58 | 000,002,444 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml [2013-07-14 22:57:30 | 000,001,294 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml [2012-11-25 00:13:23 | 000,002,548 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml [2013-06-16 09:02:36 | 000,000,837 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml [2012-03-19 18:42:15 | 000,002,060 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml [2012-04-12 22:04:10 | 000,003,969 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml [2012-04-17 21:25:12 | 000,000,415 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml [2012-11-05 20:01:57 | 000,000,544 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml CHR - homepage: http://mystart.incre...wRCAOLn&loc=skw CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\ CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\ CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\ O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found. O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD) O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD) O3 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd () O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [lollipop] c:\users\dawid\appdata\local\lollipop\lollipop.exe () O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe () O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe :Files C:\ProgramData\Premium C:\Program Files (x86)\Mysearchdial C:\ProgramData\Partner C:\Program Files (x86)\SweetIM E:\WINDOWS\system32\hls13 F:\WINDOWS\system32\hls13 C:\Windows\SysWOW64\hls13 c:\users\dawid\appdata\local\lollipop C:\Users\Dawid\AppData\Roaming\Yontoo C:\Program Files (x86)\BrowserCompanion C:\Program Files (x86)\MyPC Backup C:\Windows\tasks\MySearchDial.job C:\Users\Dawid\AppData\Roaming\Babylon C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job C:\Users\Dawid\AppData\Roaming\DefaultTab C:\Users\Dawid\AppData\Roaming\HoolappForAndroid C:\Users\Dawid\AppData\Roaming\install C:\install C:\Users\Dawid\AppData\Roaming\mysearchdial :Services BackupStack Partner Service :Commands [emptytemp] Pokaż raport.4. Użyj AdwCleaner z opcji Usuń. Pokaż raport.5. Pokaż zestaw nowych logów z OTL + Gmer. 1
Lov3las3K komentarz 25 grudnia 2013 Autor komentarz 25 grudnia 2013 (edytowane) Raport po ponownym włączeniu komputera : [spoiler]All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "Toggle" removed from browser.search.defaultthis.engineName Prefs.js: "http://websearch.moc...ix.com/?l=1&q=" removed from browser.search.defaulturl Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http Prefs.js: 4179 removed from network.proxy.http_port Prefs.js: "Ask.com" removed from browser.search.defaultengine C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images\defavs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\css folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules\data folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\tr folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pt_BR folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pl folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\nl folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ja folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\it folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\hi folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\fr folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\es folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\en-US folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\de folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ar folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts\resources folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\tabs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults\favs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\css folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\components folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\components folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\META-INF folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com folder moved successfully. Folder C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com\ not found. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged\50980e5323974@50980e53239ad.com\content folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged\50980e5323974@50980e53239ad.com folder moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged folder moved successfully. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire not found. File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire not found. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml moved successfully. C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml moved successfully. Use Chrome's Settings page to change the HomePage. C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 folder moved successfully. C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\Icons folder moved successfully. C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 folder moved successfully. File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0 not found. File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 not found. File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 not found. File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0 not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. C:\ProgramData\Partner\Partner64.dll moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. C:\ProgramData\Partner\Partner.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found. File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found. File C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}\ not found. File C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully. C:\Program Files (x86)\BrowserCompanion\BCHelper.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg deleted successfully. C:\Windows\SysWOW64\hls13\start.cmd moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg2 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg3 deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop not found. File c:\users\dawid\appdata\local\lollipop\lollipop.exe not found. File move failed. C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk scheduled to be moved on reboot. File C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe not found. File move failed. C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot. File C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully. ========== FILES ========== C:\ProgramData\Premium\Setup folder moved successfully. C:\ProgramData\Premium folder moved successfully. File\Folder C:\Program Files (x86)\Mysearchdial not found. C:\ProgramData\Partner folder moved successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully. C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully. C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully. C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully. C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully. C:\Program Files (x86)\SweetIM\Communicator folder moved successfully. C:\Program Files (x86)\SweetIM folder moved successfully. File\Folder E:\WINDOWS\system32\hls13 not found. File\Folder F:\WINDOWS\system32\hls13 not found. C:\Windows\SysWOW64\hls13\Config\Bans folder moved successfully. C:\Windows\SysWOW64\hls13\Config\Advanced folder moved successfully. C:\Windows\SysWOW64\hls13\Config folder moved successfully. C:\Windows\SysWOW64\hls13 folder moved successfully. c:\users\dawid\appdata\local\Lollipop folder moved successfully. File\Folder C:\Users\Dawid\AppData\Roaming\Yontoo not found. C:\Program Files (x86)\BrowserCompanion folder moved successfully. C:\Program Files (x86)\MyPC Backup folder moved successfully. File\Folder C:\Windows\tasks\MySearchDial.job not found. C:\Users\Dawid\AppData\Roaming\Babylon folder moved successfully. C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job moved successfully. C:\Users\Dawid\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully. C:\Users\Dawid\AppData\Roaming\DefaultTab folder moved successfully. C:\Users\Dawid\AppData\Roaming\HoolappForAndroid\UpdateProc folder moved successfully. C:\Users\Dawid\AppData\Roaming\HoolappForAndroid folder moved successfully. C:\Users\Dawid\AppData\Roaming\install folder moved successfully. C:\install folder moved successfully. C:\Users\Dawid\AppData\Roaming\mysearchdial\UpdateProc folder moved successfully. C:\Users\Dawid\AppData\Roaming\mysearchdial\icons_2.2.4.731 folder moved successfully. C:\Users\Dawid\AppData\Roaming\mysearchdial folder moved successfully. ========== SERVICES/DRIVERS ========== Error: No service named BackupStack was found to stop! Service\Driver key BackupStack not found. Service Partner Service stopped successfully! Service Partner Service deleted successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Dawid ->Temp folder emptied: 52685221 bytes ->Temporary Internet Files folder emptied: 3112876 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 49604295 bytes ->Google Chrome cache emptied: 372480183 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1996 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15501012 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77744848 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 545,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12252013_013409 Files\Folders moved on Reboot... File\Folder C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk not found! File\Folder C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found! C:\Users\Dawid\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Dawid\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... [/spoiler] Raport z AdwCleaner po ponownym uruchomieniu laptopa : [spoiler]# AdwCleaner v3.016 - Log utworzony 25/12/2013 o 01:45:44 # Aktualizacja 23/12/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Dawid - DAWID-KOMPUTER # Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** [#] Usługa Usunięto : IBUpdaterService [#] Usługa Usunięto : Web Assistant Updater ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\Babylon Folder Usunięto : C:\ProgramData\blekko toolbars Folder Usunięto : C:\ProgramData\boost_interprocess Folder Usunięto : C:\ProgramData\RightClick Folder Usunięto : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\SweetIM Folder Usunięto : C:\ProgramData\Tarma Installer [/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs Folder Usunięto : C:\Program Files (x86)\adawaretb Folder Usunięto : C:\Program Files (x86)\Red Sky Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner Folder Usunięto : C:\Windows\SysWOW64\ARFC Folder Usunięto : C:\Windows\SysWOW64\hotspot shield Folder Usunięto : C:\Windows\SysWOW64\jmdp Folder Usunięto : C:\Windows\SysWOW64\WNLT Folder Usunięto : C:\Windows\System32\ARFC Folder Usunięto : C:\Users\Dawid\AppData\Local\apn Folder Usunięto : C:\Users\Dawid\AppData\Local\DownTango Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\BabylonToolbar Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\incredibar.com Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\Softonic Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Plik Usunięto : C:\Windows\System32\dmwu.exe Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll Plik Usunięto : C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate ***** [ Skróty ] ***** Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Rejestr ] ***** Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\b Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Klucz Usunięto : HKCU\Software\592d6dde16eb815 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Klucz Usunięto : HKCU\Software\anchorfree Klucz Usunięto : HKCU\Software\BabSolution Klucz Usunięto : HKCU\Software\BabylonToolbar Klucz Usunięto : HKCU\Software\BI Klucz Usunięto : HKCU\Software\BrowserCompanion Klucz Usunięto : HKCU\Software\DataMngr Klucz Usunięto : HKCU\Software\DealPly Klucz Usunięto : HKCU\Software\Default Tab Klucz Usunięto : HKCU\Software\DownTango Klucz Usunięto : HKCU\Software\FLEXnet Klucz Usunięto : HKCU\Software\IGearSettings Klucz Usunięto : HKCU\Software\IM Klucz Usunięto : HKCU\Software\ImInstaller Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\lollipop Klucz Usunięto : HKCU\Software\mysearchdial Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\wnlt Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKLM\Software\adawaretb Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\Software\BabylonToolbar Klucz Usunięto : HKLM\Software\BrowserCompanion Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\Software\DealPly Klucz Usunięto : HKLM\Software\Default Tab Klucz Usunięto : HKLM\Software\DownTango Klucz Usunięto : HKLM\Software\InstallCore Klucz Usunięto : HKLM\Software\Softonic Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\Software\Toolbar Cleaner Klucz Usunięto : HKLM\Software\Web Assistant Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v10.0.9200.16750 Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] -\\ Mozilla Firefox v12.0 (pl) [ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ] Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q="); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", ""); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD"); Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl"); Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true); Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true); Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false); Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true); Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc="); Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418"); Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085"); Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.newTab", true); Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc="); Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7"); Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18"); Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}"); -\\ Google Chrome v [ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ] Usunięto : homepage ************************* AdwCleaner[R0].txt - [33303 octets] - [25/12/2013 01:44:31] AdwCleaner[S0].txt - [30297 octets] - [25/12/2013 01:45:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30358 octets] ########## [/spoiler] Logi z OTL : OTL.txt [spoiler]OTL logfile created on: 2013-12-25 01:55:28 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16750) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 37,22% Memory free 5,82 Gb Paging File | 3,59 Gb Available in Paging File | 61,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 63,14 Gb Free Space | 52,96% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe========== Modules (No Company Name) ========== MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll========== Services (SafeList) ========== SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ========== DRV:64bit: - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: "" FF - prefs.js..network.proxy.type: FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions [2013-12-25 01:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ========== [2013-12-25 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III [2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster [2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher [2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-16 03:05:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-16 03:05:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-16 03:05:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-16 03:05:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-16 03:05:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-16 03:05:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-16 03:05:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-16 03:05:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-16 03:05:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-16 03:05:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-16 03:05:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-16 03:05:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-16 03:05:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-16 03:05:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-16 03:05:18 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl [2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe [2013-12-07 12:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-07 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\InstallShield [2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon [2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games [2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM [2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk [2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords [2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder [2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe========== Files - Modified Within 30 Days ========== [2013-12-25 01:56:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 01:56:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 01:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job [2013-12-25 01:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-25 01:49:24 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-25 01:49:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-12-25 01:49:08 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys [2013-12-25 01:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-12-25 01:00:04 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-12-25 01:00:04 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-12-25 01:00:04 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-12-25 01:00:04 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-12-25 01:00:04 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-12-24 19:56:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job [2013-12-23 17:31:40 | 000,029,804 | ---- | M] () -- C:\Users\Dawid\Desktop\sdasdasdasdasdasdasd.jpg [2013-12-22 23:05:20 | 001,968,503 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05446.JPG [2013-12-22 23:04:44 | 002,058,823 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.JPG [2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg========== Files Created - No Company Name ========== [2013-12-23 17:31:36 | 000,029,804 | ---- | C] () -- C:\Users\Dawid\Desktop\sdasdasdasdasdasdasd.jpg [2013-12-22 23:05:20 | 001,968,503 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05446.JPG [2013-12-22 23:04:44 | 002,058,823 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.JPG [2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3 [2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3 [2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3 [2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html [2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat [2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS [2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll [2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ========== [2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft [2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA [2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus [2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage [2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity [2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent [2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon [2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite [2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder [2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla [2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10 [2013-12-25 01:52:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG [2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter [2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech [2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient [2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2 [2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance [2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM [2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera [2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software [2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin [2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee [2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer [2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot [2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony [2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF [2013-12-24 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client [2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon========== Purity Check ==================== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 < End of report > [/spoiler] Logi z OTL : Extras.Txt [spoiler]OTL Extras logfile created on: 2013-12-25 01:55:28 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16750) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 37,22% Memory free 5,82 Gb Paging File | 3,59 Gb Available in Paging File | 61,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 63,14 Gb Free Space | 52,96% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\] .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1========== Authorized Applications List ==================== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system | "{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system | "{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system | "{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system | "{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system | "{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system | "{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system | "{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system | "{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system | "{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | "{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system | "{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system | "{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system | "{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{1CF23CF7-B002-42F1-89CE-A40201CD94DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{369883A3-995B-42C7-8B5B-538684E96F2B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system | "{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{720ED962-790E-499D-8526-E98B7669AB0E}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{91C38F29-7AFC-4993-B315-931D3FF6ACEF}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B8579589-F234-45D9-A00F-2B4526F588E6}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E3332240-3245-4072-A2EA-1ADE78107C78}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{F1AE002C-B18E-4777-B463-8B5602B794C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe | "TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | "TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin | "TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin | "UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe | "UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe |========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety "{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety "{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety "{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety "{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety "{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze "{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10 "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C0086B27-8E52-42D4-8393-236391EF18F6}" = Heroes of Might and Magic V "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0 "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "avast" = avast! Free Antivirus "AVS Video Editor_is1" = AVS Video Editor 6 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "FileZilla Client" = FileZilla Client 3.6.0.2 "Fraps" = Fraps (remove only) "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Opera 18.0.1284.68" = Opera Stable 18.0.1284.68 "Origin" = Origin "PROPLUS" = Microsoft Office Professional Plus 2007 "PunkBusterSvc" = PunkBuster Services "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uplay" = Uplay "WinRAR archiver" = WinRAR 4.11 (32-bitowy)========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "Counter-Strike" = Counter-Strike "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Hoolapp For Android" = Hoolapp For Android "lollipop" = Lollipop========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-10-06 13:31:49 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program stpass.exe w wersji 2.0.0.8 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: a9c Godzina rozpoczęcia: 01cec2b9af6e4ed3 Godzina zakończenia: 8 Ścieżka aplikacji: C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe Identyfikator raportu: 210bcd4a-2ead-11e3-9d17-742f68b7a266 Error - 2013-10-07 06:56:12 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1cac Godzina rozpoczęcia: 01cec31507b9c177 Godzina zakończenia: 185 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator raportu: Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura czasowa: 0x5235a54b Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000 Identyfikator procesu powodującego błąd: 0x14c8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec33443b2cb7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura czasowa: 0x506d9e00 Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7b96f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00039342 Identyfikator procesu powodującego błąd: 0x1100 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec2b9b4e5f802 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Ścieżka modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x3208 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec3e653782f10 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 64f74c59-2fda-11e3-9d17-742f68b7a266 Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18229, sygnatura czasowa: 0x51fb1072 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000ce753 Identyfikator procesu powodującego błąd: 0x1570 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec45876523323 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266 Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x890 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4b98cf870eb Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: e2404db8-30af-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2b40 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bcae0a52e8 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: da4b6b3f-30b0-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x4494 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bd9f8384ef Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2c6eed84-30b1-11e3-9d17-742f68b7a266 Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec50931034633 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2901b4eb-30ff-11e3-9d17-742f68b7a266 Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 2c90 Godzina rozpoczęcia: 01cec50bcb1467bc Godzina zakończenia: 605 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator raportu: [ Media Center Events ] Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:03 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:10 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:19 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:33 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:17 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:25 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:35 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:42 - Nie można skontaktować się z serwerem.. [ OSession Events ] Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 2013-12-24 19:56:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7011 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi Atheros Bt&Wlan Coex Agent. Error - 2013-12-24 19:56:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7011 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi lmhosts. Error - 2013-12-24 19:56:19 | Computer Name = Dawid-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2013-12-24 20:34:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa ASLDR Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-12-24 20:37:25 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu: %%2 Error - 2013-12-24 20:37:25 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2013-12-24 20:37:54 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ATKWMIACPIIO Error - 2013-12-24 20:49:13 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu: %%2 Error - 2013-12-24 20:49:13 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2013-12-24 20:49:16 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ATKWMIACPIIO < End of report > [/spoiler] LOGI Gmer : [spoiler]GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-25 02:24:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 907trvo9.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\awddikob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033f7000 8 bytes [00, 00, 29, 02, 54, 64, 78, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f7010 48 bytes [00, 04, 00, 00, 02, 00, 00, ...] .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88010ed8d8c 12 bytes {MOV RAX, 0xfffffa80062d02a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 000000014a500460 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 000000014a500450 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 000000014a500370 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 000000014a500470 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 000000014a5003e0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 000000014a500320 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 000000014a5003b0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 000000014a500390 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 000000014a5002e0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 000000014a5002d0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 000000014a500310 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 000000014a5003c0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 000000014a5003f0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 000000014a500230 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 000000014a500480 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 000000014a5003a0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 000000014a5002f0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 000000014a500350 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 000000014a500290 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 000000014a5002b0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 000000014a5003d0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 000000014a500330 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 000000014a500410 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 000000014a500240 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 000000014a5001e0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 000000014a500250 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 000000014a500490 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 000000014a5004a0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 000000014a500300 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 000000014a500360 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 000000014a5002a0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 000000014a5002c0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 000000014a500380 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 000000014a500340 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 000000014a500440 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 000000014a500260 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 000000014a500270 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 000000014a500400 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 000000014a5001f0 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 000000014a500210 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 000000014a500200 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 000000014a500420 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 000000014a500430 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 000000014a500220 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 000000014a500280 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\System32\svchost.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\system32\taskhost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[3100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ff3b10 5 bytes JMP 000000010012075c .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ff7ac0 5 bytes JMP 00000001001203a4 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077021430 5 bytes JMP 0000000100120b14 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077021490 5 bytes JMP 0000000100120ecc .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 000000010012163c .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770217b0 5 bytes JMP 0000000100121284 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 00000001001219f4 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220 .text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ff3b10 5 bytes JMP 00000001002b075c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ff7ac0 5 bytes JMP 00000001002b03a4 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077021430 5 bytes JMP 00000001002b0b14 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077021490 5 bytes JMP 00000001002b0ecc .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001002b163c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770217b0 5 bytes JMP 00000001002b1284 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 00000001002b19f4 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe5d6e00 5 bytes JMP 000007ff7e5f1dac .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe5d6f2c 5 bytes JMP 000007ff7e5f0ecc .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe5d7220 5 bytes JMP 000007ff7e5f1284 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe5d739c 5 bytes JMP 000007ff7e5f163c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe5d7538 5 bytes JMP 000007ff7e5f19f4 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5d75e8 5 bytes JMP 000007ff7e5f03a4 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5d790c 5 bytes JMP 000007ff7e5f075c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5d7ab4 5 bytes JMP 000007ff7e5f0b14 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000771cf8f0 5 bytes JMP 00000001028a0914 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000771cf928 5 bytes JMP 0000000102b708ec .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000771cf9e0 5 bytes JMP 00000001028a096c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 00000000771cfa10 5 bytes JMP 00000001028a09c4 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000771cfa28 5 bytes JMP 00000001029c0a14 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000771cfa40 5 bytes JMP 0000000102b70a74 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000771cfa90 5 bytes JMP 00000001029c0a9c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000771cfaa8 5 bytes JMP 00000001029c0af4 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771cfac0 5 bytes JMP 0000000100030600 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000771cfb40 5 bytes JMP 00000001029c09bc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771cfb58 5 bytes JMP 0000000100030804 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000771cfc38 5 bytes JMP 00000001029c08ac .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000771cfc50 5 bytes JMP 00000001029c0964 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000771cfc80 5 bytes JMP 0000000102b709bc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771cfcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000771cfd4c 5 bytes JMP 0000000102b70a1c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000771cfd64 5 bytes JMP 00000001029c087c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000771cfd98 5 bytes JMP 00000001029c090c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000771cfe44 5 bytes JMP 00000001029c0bfc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000771cfe5c 5 bytes JMP 0000000102b709ec .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile 00000000771cff8c 5 bytes JMP 00000001029c08dc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000771cffa4 5 bytes JMP 00000001028a0a4c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771d0038 5 bytes JMP 0000000100030a08 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection 00000000771d0050 5 bytes JMP 00000001028a09f4 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771d00b4 5 bytes JMP 00000001029c0824 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771d01c4 5 bytes JMP 00000001029c0a44 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000771d09fc 5 bytes JMP 00000001028a0ba4 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000771d0f70 5 bytes JMP 00000001029c0ba4 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771d0f88 5 bytes JMP 00000001028a0b1c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000771d1018 5 bytes JMP 00000001029c0b4c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000771d133c 5 bytes JMP 00000001028a0b74 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771d1920 5 bytes JMP 0000000100030e10 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771ec4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771f1287 5 bytes JMP 00000001000303fc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076c65181 5 bytes JMP 0000000100241014 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076c65254 5 bytes JMP 0000000100240804 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076c653d5 5 bytes JMP 0000000100240a08 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076c654c2 5 bytes JMP 0000000100240c0c .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076c655e2 5 bytes JMP 0000000100240e10 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076c6567c 5 bytes JMP 00000001002401f8 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076c6589f 5 bytes JMP 00000001002403fc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076c65a22 5 bytes JMP 0000000100240600 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075e9ee09 5 bytes JMP 00000001002501f8 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ea3982 5 bytes JMP 00000001002503fc .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ea7603 5 bytes JMP 0000000100250804 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ea835c 5 bytes JMP 0000000100250600 .text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ebf52b 5 bytes JMP 0000000100250a08 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771cfac0 5 bytes JMP 0000000100030600 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771cfb58 5 bytes JMP 0000000100030804 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771cfcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771d0038 5 bytes JMP 0000000100030a08 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771d1920 5 bytes JMP 0000000100030e10 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771ec4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771f1287 5 bytes JMP 00000001000303fc .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62] .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076c65181 5 bytes JMP 0000000100241014 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076c65254 5 bytes JMP 0000000100240804 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076c653d5 5 bytes JMP 0000000100240a08 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076c654c2 5 bytes JMP 0000000100240c0c .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076c655e2 5 bytes JMP 0000000100240e10 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076c6567c 5 bytes JMP 00000001002401f8 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076c6589f 5 bytes JMP 00000001002403fc .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076c65a22 5 bytes JMP 0000000100240600 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075e9ee09 5 bytes JMP 00000001002501f8 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ea3982 5 bytes JMP 00000001002503fc .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ea7603 5 bytes JMP 0000000100250804 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ea835c 5 bytes JMP 0000000100250600 .text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ebf52b 5 bytes JMP 0000000100250a08 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800126ff1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800126fcc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800127069c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001270a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880012708f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa8003d092c0 Device \FileSystem\fastfat \Fat fffffa80093ef2c0 Device \Driver\dtsoftbus01 \Device\0000007e fffffa8005dad2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80062d22c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006e802c0 Device \Driver\cdrom \Device\CdRom1 fffffa8006e802c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B52E32CF-EEAF-4E7B-B442-DC2894AD1DEB} fffffa80062322c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80062d22c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8005dad2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80062d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F} fffffa80062322c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80062322c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80062d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8C876BCE-1978-4F17-87A5-C4BF2A793D67} fffffa80062322c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [448:1532] 000007fef98e59a0 Thread C:\Windows\System32\svchost.exe [448:2504] 000007fefc811a70 Thread C:\Windows\System32\svchost.exe [448:2676] 000007fef6d920c0 Thread C:\Windows\System32\svchost.exe [448:2680] 000007fef6d926a8 Thread C:\Windows\System32\svchost.exe [448:2688] 000007fef6d929dc Thread C:\Windows\System32\svchost.exe [448:2692] 000007fef6d929dc Thread C:\Windows\System32\svchost.exe [448:4280] 000007fef82244e0 Thread C:\Windows\System32\svchost.exe [448:5468] 000007fef26e8a4c Thread C:\Windows\System32\svchost.exe [448:5812] 000007fef84188f8 Thread C:\Windows\system32\svchost.exe [1028:2000] 000007fef318d3c8 Thread C:\Windows\system32\svchost.exe [1028:4580] 000007fef318d3c8 Thread C:\Windows\system32\svchost.exe [1028:1988] 000007fef318d3c8 Thread C:\Windows\system32\svchost.exe [1028:1992] 000007fef318d3c8 Thread C:\Windows\system32\svchost.exe [1312:1432] 000007fef9f7341c Thread C:\Windows\system32\svchost.exe [1312:1436] 000007fef9f73a2c Thread C:\Windows\system32\svchost.exe [1312:1440] 000007fef9f73768 Thread C:\Windows\system32\svchost.exe [1312:1444] 000007fef9f75c20 Thread C:\Windows\system32\svchost.exe [1312:1460] 000007fef9e9bec4 Thread C:\Windows\system32\svchost.exe [1312:2132] 000007fef81283d8 Thread C:\Windows\system32\svchost.exe [1312:2136] 000007fef81283d8 Thread C:\Windows\system32\svchost.exe [1312:2140] 000007fef81283d8 Thread C:\Windows\system32\svchost.exe [1312:2144] 000007fef81283d8 Thread C:\Windows\system32\svchost.exe [1312:2252] 000007fef79b3f1c Thread C:\Windows\system32\svchost.exe [1312:2284] 000007fef79422b8 Thread C:\Windows\system32\svchost.exe [1312:2288] 000007fef7941a38 Thread C:\Windows\system32\svchost.exe [1312:2296] 000007fef7675388 Thread C:\Windows\system32\svchost.exe [1312:2300] 000007fef7657738 Thread C:\Windows\system32\svchost.exe [1312:2312] 000007fef7641f90 Thread C:\Windows\system32\svchost.exe [1312:2940] 000007fef9bc5124 Thread C:\Windows\system32\svchost.exe [1312:5048] 000007fef5635170 Thread C:\Windows\system32\svchost.exe [1312:3996] 000007fef9f73900 Thread C:\Windows\system32\svchost.exe [1512:1864] 000007fefc811a70 Thread C:\Windows\system32\svchost.exe [1512:1884] 000007fefc811a70 Thread C:\Windows\system32\svchost.exe [1512:1904] 000007fefc811a70 Thread C:\Windows\system32\svchost.exe [1512:1920] 000007fef8c52c70 Thread C:\Windows\system32\svchost.exe [1512:1944] 000007fef8c5fb40 Thread C:\Windows\system32\svchost.exe [1512:1952] 000007fef8c71d20 Thread C:\Windows\system32\svchost.exe [1512:1956] 000007fef8c5f6f0 Thread C:\Windows\system32\svchost.exe [1512:1248] 000007fef89035c0 Thread C:\Windows\system32\svchost.exe [1512:2588] 000007fef8905600 Thread C:\Windows\system32\svchost.exe [1512:2780] 000007fef6aa2940 Thread C:\Windows\system32\svchost.exe [1512:3364] 000007fef52c2888 Thread C:\Windows\system32\svchost.exe [1512:3292] 000007fef52c2a40 Thread C:\Windows\System32\spoolsv.exe [1808:3120] 000007fef58a10c8 Thread C:\Windows\System32\spoolsv.exe [1808:3136] 000007fef55e6144 Thread C:\Windows\System32\spoolsv.exe [1808:3140] 000007fef53d5fd0 Thread C:\Windows\System32\spoolsv.exe [1808:3144] 000007fef53c3438 Thread C:\Windows\System32\spoolsv.exe [1808:3152] 000007fef53d63ec Thread C:\Windows\System32\spoolsv.exe [1808:3172] 000007fef5945e5c Thread C:\Windows\System32\spoolsv.exe [1808:3196] 000007fef5975074 Thread C:\Windows\system32\svchost.exe [2888:2924] 000007fef6768470 Thread C:\Windows\system32\svchost.exe [2888:2928] 000007fef6772418 Thread C:\Windows\system32\svchost.exe [2888:2188] 000007fef646f130 Thread C:\Windows\system32\svchost.exe [2888:4012] 000007fef53d5fd0 Thread C:\Windows\system32\svchost.exe [2888:3908] 000007fef53d63ec Thread C:\Windows\system32\svchost.exe [2888:3704] 000007fef6464734 Thread C:\Windows\system32\svchost.exe [2888:5548] 000007fef6464734 Thread C:\Windows\system32\svchost.exe [2888:6092] 000007fef9bc5124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5308] 000007fefb442a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5316] 000007fef136d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5732] 000007fef9bc5124 Thread C:\Windows\System32\svchost.exe [4760:864] 000007fef9bc9874 Thread C:\Windows\system32\DllHost.exe [5340:5472] 000007fef121ae40 Thread C:\Windows\System32\svchost.exe [1192:4104] 000007fef08b9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 8 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 26 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 6252439 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@64995d3afac7 0xBA 0x14 0x9C 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@04a82ad10f66 0x07 0x8A 0xC7 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@b8d9ce908dc5 0xFA 0xDF 0xD3 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@0c715d907097 0x0E 0x8C 0xFF 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@LeaseObtainedTime 1387932556 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@T1 1387934356 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@T2 1387935706 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@LeaseTerminatesTime 1387936156 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 8 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 26 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 6252439 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@64995d3afac7 0xBA 0x14 0x9C 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@04a82ad10f66 0x07 0x8A 0xC7 0x55 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@b8d9ce908dc5 0xFA 0xDF 0xD3 0xE4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@0c715d907097 0x0E 0x8C 0xFF 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 ---- EOF - GMER 2.1 ---- [/spoiler] Byłem zmuszony do przywrócenia systemu ponieważ po czyszczeniu przez Gmer laptop nie wykrywał żadnej sieci bezprzewodowej ;/
Natsuki Kuga komentarz 25 grudnia 2013 komentarz 25 grudnia 2013 Byłem zmuszony do przywrócenia systemu ponieważ po czyszczeniu przez Gmer laptop nie wykrywał żadnej sieci bezprzewodowej ;/ Ciekawe, bo Gmer nic nie usuwa, tylko skanuje system, zostawiając raport.. 1. Jeśli w dodaj/usuń programy są te pozycje, odinstaluj je: Hoolapp For Android, Lollipop2. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ): :OTL IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc= IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " :Files c:\windows\syswow64\arfc c:\program files (x86)\sweetim c:\windows\system32\arfc :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}"=- "{1CF23CF7-B002-42F1-89CE-A40201CD94DB}"=- "{369883A3-995B-42C7-8B5B-538684E96F2B}"=- "{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}"=- "{720ED962-790E-499D-8526-E98B7669AB0E}"=- "{91C38F29-7AFC-4993-B315-931D3FF6ACEF}"=- "{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}"=- "{B8579589-F234-45D9-A00F-2B4526F588E6}"=- "{E3332240-3245-4072-A2EA-1ADE78107C78}"=- "{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}"=- "{F1AE002C-B18E-4777-B463-8B5602B794C4}"=- Pokaż raport.3. Użyj jeszcze raz AdwCleanera. Pokaż raport.4. Pokaż nowe logi. 1
Lov3las3K komentarz 25 grudnia 2013 Autor komentarz 25 grudnia 2013 (edytowane) Hoolapp For Android, Lollipop tych programów nie miałem w liście Logi : ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http ========== FILES ========== c:\windows\syswow64\ARFC folder moved successfully. c:\program files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully. c:\program files (x86)\SweetIM\Communicator\resources folder moved successfully. c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully. c:\program files (x86)\SweetIM\Communicator folder moved successfully. c:\program files (x86)\SweetIM folder moved successfully. File\Folder c:\windows\system32\arfc not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{195BDB48-95CA-4C4C-8B53-2E03FF2988B9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CF23CF7-B002-42F1-89CE-A40201CD94DB} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF23CF7-B002-42F1-89CE-A40201CD94DB}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{369883A3-995B-42C7-8B5B-538684E96F2B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369883A3-995B-42C7-8B5B-538684E96F2B}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{720ED962-790E-499D-8526-E98B7669AB0E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{720ED962-790E-499D-8526-E98B7669AB0E}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C38F29-7AFC-4993-B315-931D3FF6ACEF} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C38F29-7AFC-4993-B315-931D3FF6ACEF}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8579589-F234-45D9-A00F-2B4526F588E6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8579589-F234-45D9-A00F-2B4526F588E6}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3332240-3245-4072-A2EA-1ADE78107C78} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3332240-3245-4072-A2EA-1ADE78107C78}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1AE002C-B18E-4777-B463-8B5602B794C4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AE002C-B18E-4777-B463-8B5602B794C4}\ not found. OTL by OldTimer - Version 3.2.69.0 log created on 12252013_161552 Raport po użyciu AdwCleanera : [spoiler]# AdwCleaner v3.016 - Log utworzony 25/12/2013 o 01:45:44 # Aktualizacja 23/12/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Dawid - DAWID-KOMPUTER # Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** [#] Usługa Usunięto : IBUpdaterService [#] Usługa Usunięto : Web Assistant Updater ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\Babylon Folder Usunięto : C:\ProgramData\blekko toolbars Folder Usunięto : C:\ProgramData\boost_interprocess Folder Usunięto : C:\ProgramData\RightClick Folder Usunięto : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\SweetIM Folder Usunięto : C:\ProgramData\Tarma Installer [/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs Folder Usunięto : C:\Program Files (x86)\adawaretb Folder Usunięto : C:\Program Files (x86)\Red Sky Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner Folder Usunięto : C:\Windows\SysWOW64\ARFC Folder Usunięto : C:\Windows\SysWOW64\hotspot shield Folder Usunięto : C:\Windows\SysWOW64\jmdp Folder Usunięto : C:\Windows\SysWOW64\WNLT Folder Usunięto : C:\Windows\System32\ARFC Folder Usunięto : C:\Users\Dawid\AppData\Local\apn Folder Usunięto : C:\Users\Dawid\AppData\Local\DownTango Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\BabylonToolbar Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\incredibar.com Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\Softonic Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Plik Usunięto : C:\Windows\System32\dmwu.exe Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll Plik Usunięto : C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate ***** [ Skróty ] ***** Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Rejestr ] ***** Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\b Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Klucz Usunięto : HKCU\Software\592d6dde16eb815 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Klucz Usunięto : HKCU\Software\anchorfree Klucz Usunięto : HKCU\Software\BabSolution Klucz Usunięto : HKCU\Software\BabylonToolbar Klucz Usunięto : HKCU\Software\BI Klucz Usunięto : HKCU\Software\BrowserCompanion Klucz Usunięto : HKCU\Software\DataMngr Klucz Usunięto : HKCU\Software\DealPly Klucz Usunięto : HKCU\Software\Default Tab Klucz Usunięto : HKCU\Software\DownTango Klucz Usunięto : HKCU\Software\FLEXnet Klucz Usunięto : HKCU\Software\IGearSettings Klucz Usunięto : HKCU\Software\IM Klucz Usunięto : HKCU\Software\ImInstaller Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\lollipop Klucz Usunięto : HKCU\Software\mysearchdial Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\wnlt Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKLM\Software\adawaretb Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\Software\BabylonToolbar Klucz Usunięto : HKLM\Software\BrowserCompanion Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\Software\DealPly Klucz Usunięto : HKLM\Software\Default Tab Klucz Usunięto : HKLM\Software\DownTango Klucz Usunięto : HKLM\Software\InstallCore Klucz Usunięto : HKLM\Software\Softonic Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\Software\Toolbar Cleaner Klucz Usunięto : HKLM\Software\Web Assistant Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v10.0.9200.16750 Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] -\\ Mozilla Firefox v12.0 (pl) [ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ] Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q="); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", ""); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD"); Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl"); Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true); Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true); Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false); Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true); Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc="); Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418"); Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085"); Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.newTab", true); Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc="); Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7"); Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18"); Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}"); -\\ Google Chrome v [ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ] Usunięto : homepage ************************* AdwCleaner[R0].txt - [33303 octets] - [25/12/2013 01:44:31] AdwCleaner[S0].txt - [30297 octets] - [25/12/2013 01:45:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30358 octets] ########## # AdwCleaner v3.016 - Log utworzony 25/12/2013 o 16:21:26 # Aktualizacja 23/12/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Dawid - DAWID-KOMPUTER # Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** [#] Usługa Usunięto : IBUpdaterService [#] Usługa Usunięto : Partner Service [#] Usługa Usunięto : Web Assistant Updater ***** [ Pliki / Foldery ] ***** Folder Usunięto : C:\ProgramData\Partner Folder Usunięto : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\Tarma Installer [/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs Folder Usunięto : C:\Program Files (x86)\adawaretb Folder Usunięto : C:\Program Files (x86)\BrowserCompanion Folder Usunięto : C:\Program Files (x86)\MyPC Backup Folder Usunięto : C:\Program Files (x86)\Red Sky Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner Folder Usunięto : C:\Windows\SysWOW64\jmdp Folder Usunięto : C:\Windows\SysWOW64\WNLT Folder Usunięto : C:\Program Files\Web Assistant Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb Folder Usunięto : C:\Users\Dawid\AppData\Roaming\DefaultTab Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mysearchdial Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8} Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\bbrs_002@blabbers.com Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbr@babylon.com Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbr@incredibar.com Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbra@softonic.com Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\staged Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Plik Usunięto : C:\Windows\System32\dmwu.exe Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate ***** [ Skróty ] ***** Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Rejestr ] ***** Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}] Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Klucz Usunięto : HKLM\SOFTWARE\Classes\b Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper] Klucz Usunięto : HKCU\Software\592d6dde16eb815 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Klucz Usunięto : HKCU\Software\anchorfree Klucz Usunięto : HKCU\Software\BabSolution Klucz Usunięto : HKCU\Software\BabylonToolbar Klucz Usunięto : HKCU\Software\BI Klucz Usunięto : HKCU\Software\BrowserCompanion Klucz Usunięto : HKCU\Software\DataMngr Klucz Usunięto : HKCU\Software\DealPly Klucz Usunięto : HKCU\Software\Default Tab Klucz Usunięto : HKCU\Software\DownTango Klucz Usunięto : HKCU\Software\FLEXnet Klucz Usunięto : HKCU\Software\IGearSettings Klucz Usunięto : HKCU\Software\IM Klucz Usunięto : HKCU\Software\ImInstaller Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\lollipop Klucz Usunięto : HKCU\Software\mysearchdial Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\wnlt Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKLM\Software\adawaretb Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\Software\BabylonToolbar Klucz Usunięto : HKLM\Software\BrowserCompanion Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\Software\DealPly Klucz Usunięto : HKLM\Software\Default Tab Klucz Usunięto : HKLM\Software\DownTango Klucz Usunięto : HKLM\Software\InstallCore Klucz Usunięto : HKLM\Software\Softonic Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\Software\Toolbar Cleaner Klucz Usunięto : HKLM\Software\Web Assistant Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Klucz Usunięto : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Klucz Usunięto : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v10.0.9200.16750 Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v12.0 (pl) [ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ] Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q="); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", ""); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06"); Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD"); Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl"); Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true); Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true); Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false); Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true); Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc="); Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266"); Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418"); Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085"); Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.newTab", true); Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc="); Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic"); Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7"); Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome"); Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q="); Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18"); Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}"); Wpis usunięty : user_pref("browser.search.defaultengine", "Ask.com"); -\\ Google Chrome v [ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [70228 octets] - [25/12/2013 01:44:31] AdwCleaner[S0].txt - [63399 octets] - [25/12/2013 01:45:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [63460 octets] ########## [/spoiler] extras.txt [spoiler]OTL Extras logfile created on: 2013-12-25 16:31:54 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 24,11% Memory free 5,82 Gb Paging File | 3,27 Gb Available in Paging File | 56,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 62,11 Gb Free Space | 52,09% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\] .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system | "{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system | "{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system | "{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system | "{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system | "{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system | "{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system | "{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system | "{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system | "{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | "{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system | "{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system | "{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system | "{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system | "{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe | "TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | "TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin | "TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin | "UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe | "UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety "{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety "{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety "{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety "{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety "{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze "{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10 "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0 "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "avast" = avast! Free Antivirus "AVS Video Editor_is1" = AVS Video Editor 6 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "FileZilla Client" = FileZilla Client 3.6.0.2 "Fraps" = Fraps (remove only) "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Opera 18.0.1284.68" = Opera Stable 18.0.1284.68 "Origin" = Origin "PROPLUS" = Microsoft Office Professional Plus 2007 "PunkBusterSvc" = PunkBuster Services "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uplay" = Uplay "WinRAR archiver" = WinRAR 4.11 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "Counter-Strike" = Counter-Strike "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Hoolapp For Android" = Hoolapp For Android "lollipop" = Lollipop [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-10-06 13:31:49 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program stpass.exe w wersji 2.0.0.8 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: a9c Godzina rozpoczęcia: 01cec2b9af6e4ed3 Godzina zakończenia: 8 Ścieżka aplikacji: C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe Identyfikator raportu: 210bcd4a-2ead-11e3-9d17-742f68b7a266 Error - 2013-10-07 06:56:12 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1cac Godzina rozpoczęcia: 01cec31507b9c177 Godzina zakończenia: 185 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator raportu: Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura czasowa: 0x5235a54b Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000 Identyfikator procesu powodującego błąd: 0x14c8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec33443b2cb7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura czasowa: 0x506d9e00 Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7b96f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00039342 Identyfikator procesu powodującego błąd: 0x1100 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec2b9b4e5f802 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Ścieżka modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x3208 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec3e653782f10 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 64f74c59-2fda-11e3-9d17-742f68b7a266 Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18229, sygnatura czasowa: 0x51fb1072 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000ce753 Identyfikator procesu powodującego błąd: 0x1570 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec45876523323 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266 Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x890 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4b98cf870eb Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: e2404db8-30af-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2b40 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bcae0a52e8 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: da4b6b3f-30b0-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x4494 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bd9f8384ef Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2c6eed84-30b1-11e3-9d17-742f68b7a266 Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec50931034633 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2901b4eb-30ff-11e3-9d17-742f68b7a266 Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 2c90 Godzina rozpoczęcia: 01cec50bcb1467bc Godzina zakończenia: 605 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator raportu: [ Media Center Events ] Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:03 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:10 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:19 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:33 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:17 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:25 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:35 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:42 - Nie można skontaktować się z serwerem.. [ OSession Events ] Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 2013-12-25 11:21:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-12-25 11:21:28 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 11:21:28 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Instalator modułów systemu Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 11:21:42 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 11:22:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2013-12-25 11:22:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7038 Description = Usługa Spooler nie może zalogować się jako NT AUTHORITY\SYSTEM za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). Error - 2013-12-25 11:22:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Bufor wydruku z powodu następującego błędu: %%1069 Error - 2013-12-25 11:25:34 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu: %%2 Error - 2013-12-25 11:25:34 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2013-12-25 11:25:43 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ATKWMIACPIIO < End of report > [/spoiler] OTL.txt [spoiler]OTL logfile created on: 2013-12-25 16:31:54 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 24,11% Memory free 5,82 Gb Paging File | 3,27 Gb Available in Paging File | 56,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 62,11 Gb Free Space | 52,09% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe PRC - [2013-12-21 12:28:58 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\xulrunner\gghub.exe PRC - [2013-12-21 12:28:57 | 004,047,424 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe PRC - [2013-12-21 12:28:55 | 000,132,672 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\ggapp.exe PRC - [2013-06-07 10:20:04 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\ggdrive\ggdrive.exe PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-12-21 12:28:59 | 003,006,528 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\xulrunner\mozjs.dll MOD - [2013-12-21 12:28:57 | 000,141,888 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\ggdrive\zlib1.dll MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll MOD - [2013-09-15 08:31:38 | 016,166,248 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:[b]64bit:[/b] - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:[b]64bit:[/b] - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:[b]64bit:[/b] - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:[b]64bit:[/b] - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:[b]64bit:[/b] - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:[b]64bit:[/b] - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:[b]64bit:[/b] - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:[b]64bit:[/b] - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir= IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir= IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Toggle" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: 4179 FF - prefs.js..network.proxy.type: FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions [2013-12-25 16:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd () O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-12-25 16:27:04 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013-12-25 10:01:22 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013-12-25 09:56:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-25 09:56:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-25 09:56:25 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-25 09:56:25 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-25 09:56:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-25 09:56:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-25 09:56:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-25 09:56:24 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-12-25 09:56:24 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-12-25 09:56:24 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-25 09:56:24 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-25 09:56:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-25 09:56:24 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-12-25 09:56:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-25 09:56:24 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013-12-25 09:56:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-12-25 09:56:24 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-25 09:56:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-25 09:56:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-25 09:56:24 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013-12-25 09:56:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-25 09:56:24 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-25 09:56:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-25 09:56:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-25 09:56:24 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-25 09:56:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-25 09:56:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-25 09:56:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-25 09:56:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-25 09:56:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-25 09:56:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-25 09:56:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-25 09:56:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-25 09:56:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-12-25 09:56:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-25 09:56:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-25 09:56:24 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-25 09:56:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-25 09:56:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-25 09:56:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-25 09:56:24 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-25 09:56:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-25 09:56:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-25 09:56:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-25 09:56:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-25 09:56:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-25 09:56:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-25 09:56:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-25 09:56:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-25 09:56:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-25 09:56:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-25 09:56:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-12-25 09:56:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-25 09:56:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-25 09:56:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-25 09:56:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-25 09:56:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-25 09:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-25 09:56:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-25 09:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013-12-25 09:54:45 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-12-25 09:54:45 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-12-25 09:54:45 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-12-25 09:54:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-12-25 09:54:45 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013-12-25 09:54:45 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013-12-25 09:54:45 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013-12-25 09:54:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-12-25 09:54:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-12-25 09:54:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-12-25 09:54:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-12-25 09:54:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-12-25 09:54:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-12-25 09:53:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-12-25 09:53:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III [2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster [2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher [2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl [2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe [2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon [2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games [2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM [2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk [2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords [2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder [2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-12-25 16:32:11 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-12-25 16:32:11 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-12-25 16:32:11 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-12-25 16:32:11 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-12-25 16:32:11 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-12-25 16:31:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 16:31:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-25 16:26:54 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-25 16:26:44 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job [2013-12-25 16:25:45 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013-12-25 16:25:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-12-25 16:25:22 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys [2013-12-25 16:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-12-25 15:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job [2013-12-25 15:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-25 09:56:34 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-25 09:56:34 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-25 09:56:25 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-25 09:56:25 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-25 09:56:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-25 09:56:25 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-25 09:56:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-25 09:56:24 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-12-25 09:56:24 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-12-25 09:56:24 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-25 09:56:24 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-25 09:56:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-25 09:56:24 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-12-25 09:56:24 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-25 09:56:24 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013-12-25 09:56:24 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-12-25 09:56:24 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-25 09:56:24 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-25 09:56:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-25 09:56:24 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013-12-25 09:56:24 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-25 09:56:24 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-25 09:56:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-25 09:56:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-25 09:56:24 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-25 09:56:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-25 09:56:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-25 09:56:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-25 09:56:24 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-25 09:56:24 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-25 09:56:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-25 09:56:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-25 09:56:24 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-25 09:56:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-12-25 09:56:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-25 09:56:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-25 09:56:24 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-25 09:56:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-25 09:56:24 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-25 09:56:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-25 09:56:24 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-25 09:56:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-25 09:56:24 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-25 09:56:24 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-25 09:56:24 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-25 09:56:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-25 09:56:24 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-25 09:56:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-25 09:56:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-25 09:56:24 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-25 09:56:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-25 09:56:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-12-25 09:56:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-25 09:56:24 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-25 09:56:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-25 09:56:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013-12-25 09:56:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-25 09:56:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-25 09:56:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-25 09:56:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013-12-25 09:54:45 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-12-25 09:54:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-12-25 09:54:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-12-25 09:54:45 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-12-25 09:54:45 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013-12-25 09:54:45 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013-12-25 09:54:45 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013-12-25 09:54:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-12-25 09:54:45 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-12-25 09:54:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-12-25 09:54:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-12-25 09:54:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-12-25 09:54:45 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-12-25 09:53:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-12-25 09:53:45 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-12-24 19:56:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job [2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3 [2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3 [2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3 [2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html [2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat [2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS [2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll [2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft [2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA [2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus [2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage [2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity [2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent [2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon [2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite [2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder [2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla [2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10 [2013-12-25 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG [2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter [2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech [2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient [2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2 [2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance [2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM [2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera [2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software [2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin [2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee [2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer [2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot [2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony [2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF [2013-12-25 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client [2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 < End of report > [/spoiler]
Natsuki Kuga komentarz 25 grudnia 2013 komentarz 25 grudnia 2013 Wygląda na to, że przywracanie systemu wróciło i infekcję.. 1. Wykonaj ten skrypt w OTL: :OTL IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1649205658&ir= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle...q={searchTerms} IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearc...=1649205658&ir= IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc= IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119357&tsp=4943 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...archTerms}&i=26 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms} FF - prefs.js..browser.search.defaultthis.engineName: "Toggle" FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: 4179 O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd () O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found Pokaż raport.2. Użyj jeszcze raz AdwCleanera z opcji Usuń. Pokaż raport.3. Pokaż nowe logi z OTL. 1
Lov3las3K komentarz 26 grudnia 2013 Autor komentarz 26 grudnia 2013 (edytowane) ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. Prefs.js: "Toggle" removed from browser.search.defaultthis.engineName Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http Prefs.js: 4179 removed from network.proxy.http_port 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg not found. File C:\Windows\SysWOW64\hls13\start.cmd not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg2 not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg3 not found. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android not found. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop not found. Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android not found. OTL by OldTimer - Version 3.2.69.0 log created on 12262013_012954 Raport z AdwCleaner : # AdwCleaner v3.016 - Log utworzony 26/12/2013 o 01:40:09 # Aktualizacja 23/12/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Dawid - DAWID-KOMPUTER # Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe # Opcja : Usuń ***** [ Usługi ] ***** ***** [ Pliki / Foldery ] ***** ***** [ Skróty ] ***** ***** [ Rejestr ] ***** ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v12.0 (pl) [ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ] -\\ Google Chrome v [ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [70228 octets] - [25/12/2013 01:44:31] AdwCleaner[R1].txt - [1025 octets] - [26/12/2013 01:39:14] AdwCleaner[S0].txt - [63853 octets] - [25/12/2013 01:45:44] AdwCleaner[S1].txt - [945 octets] - [26/12/2013 01:40:09] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1004 octets] ########## OTL.txt OTL logfile created on: 2013-12-26 01:46:59 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,93% Memory free 5,82 Gb Paging File | 3,93 Gb Available in Paging File | 67,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 61,72 Gb Free Space | 51,76% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe PRC - [2013-12-12 10:15:39 | 001,392,480 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe PRC - [2013-12-12 10:15:38 | 043,706,208 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ========== Modules (No Company Name) ========== MOD - [2013-12-12 19:18:16 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll MOD - [2013-12-12 10:15:41 | 000,886,624 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\libGLESv2.dll MOD - [2013-12-12 10:15:41 | 000,108,896 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\libEGL.dll MOD - [2013-12-12 10:15:40 | 000,879,968 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll MOD - [2013-12-12 10:15:39 | 001,392,480 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: FF - prefs.js..network.proxy.http: "127.0.0.1:3128 " FF - prefs.js..network.proxy.http_port: "" FF - prefs.js..network.proxy.type: FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions [2013-12-25 16:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\ CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-12-26 01:43:02 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013-12-25 10:01:22 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013-12-25 09:56:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-25 09:56:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-25 09:56:25 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-25 09:56:25 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-25 09:56:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-25 09:56:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-25 09:56:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-25 09:56:24 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-12-25 09:56:24 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-12-25 09:56:24 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-25 09:56:24 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-25 09:56:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-25 09:56:24 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-12-25 09:56:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-25 09:56:24 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013-12-25 09:56:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-12-25 09:56:24 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-25 09:56:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-25 09:56:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-25 09:56:24 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013-12-25 09:56:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-25 09:56:24 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-25 09:56:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-25 09:56:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-25 09:56:24 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-25 09:56:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-25 09:56:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-25 09:56:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-25 09:56:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-25 09:56:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-25 09:56:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-25 09:56:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-25 09:56:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-25 09:56:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-12-25 09:56:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-25 09:56:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-25 09:56:24 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-25 09:56:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-25 09:56:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-25 09:56:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-25 09:56:24 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-25 09:56:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-25 09:56:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-25 09:56:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-25 09:56:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-25 09:56:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-25 09:56:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-25 09:56:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-25 09:56:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-25 09:56:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-25 09:56:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-25 09:56:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-12-25 09:56:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-25 09:56:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-25 09:56:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-25 09:56:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-25 09:56:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-25 09:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-25 09:56:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-25 09:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013-12-25 09:54:45 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-12-25 09:54:45 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-12-25 09:54:45 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-12-25 09:54:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-12-25 09:54:45 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013-12-25 09:54:45 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013-12-25 09:54:45 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013-12-25 09:54:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-12-25 09:54:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-12-25 09:54:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-12-25 09:54:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-12-25 09:54:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-12-25 09:54:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-12-25 09:53:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-12-25 09:53:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III [2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster [2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher [2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl [2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe [2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon [2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games [2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM [2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk [2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords [2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder [2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe ========== Files - Modified Within 30 Days ========== [2013-12-26 01:49:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-12-26 01:49:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-12-26 01:42:36 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013-12-26 01:42:15 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-12-26 01:42:01 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job [2013-12-26 01:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-12-26 01:41:36 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys [2013-12-26 01:11:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-12-26 00:56:56 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job [2013-12-26 00:55:26 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-12-25 20:57:16 | 001,153,260 | ---- | M] () -- C:\Users\Dawid\Desktop\logi.png [2013-12-25 19:56:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job [2013-12-25 16:32:11 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-12-25 16:32:11 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-12-25 16:32:11 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-12-25 16:32:11 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-12-25 16:32:11 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-12-25 09:56:34 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013-12-25 09:56:34 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013-12-25 09:56:25 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013-12-25 09:56:25 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-12-25 09:56:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013-12-25 09:56:25 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013-12-25 09:56:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-12-25 09:56:24 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-12-25 09:56:24 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-12-25 09:56:24 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013-12-25 09:56:24 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013-12-25 09:56:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013-12-25 09:56:24 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013-12-25 09:56:24 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-12-25 09:56:24 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013-12-25 09:56:24 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013-12-25 09:56:24 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013-12-25 09:56:24 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-12-25 09:56:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-12-25 09:56:24 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013-12-25 09:56:24 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-12-25 09:56:24 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013-12-25 09:56:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013-12-25 09:56:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013-12-25 09:56:24 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013-12-25 09:56:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013-12-25 09:56:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-12-25 09:56:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-12-25 09:56:24 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-12-25 09:56:24 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013-12-25 09:56:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013-12-25 09:56:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013-12-25 09:56:24 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013-12-25 09:56:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-12-25 09:56:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013-12-25 09:56:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013-12-25 09:56:24 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013-12-25 09:56:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013-12-25 09:56:24 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013-12-25 09:56:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-12-25 09:56:24 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013-12-25 09:56:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-12-25 09:56:24 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-12-25 09:56:24 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013-12-25 09:56:24 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013-12-25 09:56:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013-12-25 09:56:24 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013-12-25 09:56:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013-12-25 09:56:24 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-12-25 09:56:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013-12-25 09:56:24 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-12-25 09:56:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013-12-25 09:56:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013-12-25 09:56:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013-12-25 09:56:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013-12-25 09:56:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-12-25 09:56:24 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-12-25 09:56:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013-12-25 09:56:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013-12-25 09:56:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013-12-25 09:56:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013-12-25 09:56:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013-12-25 09:56:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013-12-25 09:54:45 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-12-25 09:54:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-12-25 09:54:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-12-25 09:54:45 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-12-25 09:54:45 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013-12-25 09:54:45 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013-12-25 09:54:45 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013-12-25 09:54:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-12-25 09:54:45 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-12-25 09:54:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-12-25 09:54:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-12-25 09:54:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-12-25 09:54:45 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-12-25 09:53:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-12-25 09:53:45 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg ========== Files Created - No Company Name ========== [2013-12-25 20:57:15 | 001,153,260 | ---- | C] () -- C:\Users\Dawid\Desktop\logi.png [2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png [2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg [2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk [2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar [2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg [2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3 [2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3 [2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3 [2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG [2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html [2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat [2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS [2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll [2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft [2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA [2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus [2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage [2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity [2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent [2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon [2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite [2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder [2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla [2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10 [2013-12-26 01:45:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG [2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter [2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech [2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient [2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2 [2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance [2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM [2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera [2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software [2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin [2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee [2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer [2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot [2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony [2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF [2013-12-26 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client [2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 < End of report > Extras.txt OTL Extras logfile created on: 2013-12-26 01:46:59 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,93% Memory free 5,82 Gb Paging File | 3,93 Gb Available in Paging File | 67,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 61,72 Gb Free Space | 51,76% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\<extension>] .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system | "{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system | "{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system | "{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system | "{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system | "{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system | "{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system | "{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system | "{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system | "{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | "{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system | "{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system | "{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system | "{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system | "{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | "{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | "{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | "TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe | "TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | "TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin | "TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | "UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | "UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | "UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin | "UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | "UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | "UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe | "UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | "UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | "UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety "{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety "{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety "{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety "{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety "{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze "{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10 "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0 "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "avast" = avast! Free Antivirus "AVS Video Editor_is1" = AVS Video Editor 6 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "FileZilla Client" = FileZilla Client 3.6.0.2 "Fraps" = Fraps (remove only) "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Opera 18.0.1284.68" = Opera Stable 18.0.1284.68 "Origin" = Origin "PROPLUS" = Microsoft Office Professional Plus 2007 "PunkBusterSvc" = PunkBuster Services "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uplay" = Uplay "WinRAR archiver" = WinRAR 4.11 (32-bitowy) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "Counter-Strike" = Counter-Strike "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Hoolapp For Android" = Hoolapp For Android "lollipop" = Lollipop ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab Media Player" = FoxTab Media Player "FoxTab PDF Creator" = FoxTab PDF Creator "FoxTab PDF Reader" = FoxTab PDF Reader "GG" = GG "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura czasowa: 0x5235a54b Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000 Identyfikator procesu powodującego błąd: 0x14c8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec33443b2cb7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura czasowa: 0x506d9e00 Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7b96f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00039342 Identyfikator procesu powodującego błąd: 0x1100 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec2b9b4e5f802 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Ścieżka modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266 Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x3208 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec3e653782f10 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 64f74c59-2fda-11e3-9d17-742f68b7a266 Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18229, sygnatura czasowa: 0x51fb1072 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000ce753 Identyfikator procesu powodującego błąd: 0x1570 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec45876523323 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266 Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x890 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4b98cf870eb Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: e2404db8-30af-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2b40 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bcae0a52e8 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: da4b6b3f-30b0-11e3-9d17-742f68b7a266 Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x4494 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec4bd9f8384ef Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2c6eed84-30b1-11e3-9d17-742f68b7a266 Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69, sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001347e Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji powodującej błąd: 0x01cec50931034633 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu: 2901b4eb-30ff-11e3-9d17-742f68b7a266 Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002 Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 2c90 Godzina rozpoczęcia: 01cec50bcb1467bc Godzina zakończenia: 605 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator raportu: Error - 2013-10-10 10:27:35 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: adawarebp.exe, wersja: 1.0.1.82, sygnatura czasowa: 0x50aa8d2b Nazwa modułu powodującego błąd: netprofm.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda75 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002505 Identyfikator procesu powodującego błąd: 0x110c Godzina uruchomienia aplikacji powodującej błąd: 0x01cec2b9b553c56d Ścieżka aplikacji powodującej błąd: C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe Ścieżka modułu powodującego błąd: C:\Windows\System32\netprofm.dll Identyfikator raportu: 1b1ad432-31b8-11e3-9d17-742f68b7a266 Error - 2013-10-10 13:58:03 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ Media Center Events ] Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:03 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:10 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:19 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:26 - Nie można skontaktować się z serwerem.. Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:33 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:17 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:25 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:35 - Nie można skontaktować się z serwerem.. Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0 Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:42 - Nie można skontaktować się z serwerem.. [ OSession Events ] Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa HWDeviceService64.exe niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Atheros Bt&Wlan Coex Agent niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 20:40:11 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 20:40:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2013-12-25 20:41:53 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu: %%2 Error - 2013-12-25 20:41:53 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2013-12-25 20:42:35 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ATKWMIACPIIO < End of report >
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.