x-kom hosting

Czyszczenie laptopa HELP !

Lov3las3K
utworzono
utworzono

Cześć dziś postanowiłem wyczyścić laptopa beż żadnych formatów itp... 

Mianowicie mam problem z programami jakie odinstalować żeby nie uszkodzić systemu.  Wrzucę zżuty z ekranu i napiszcie mi pod spodem jakie programy usunąć a jakie zostawić. 

Dobrze by było gdybyście napisali do czego służy jaki program.

Z góry dzięki i dodaje SS. 

1.iw4plc.png

2.2dmcdbk.png

konndzzio
komentarz
komentarz

usuń wszystko z ASUS w nazwie :),, a tak na serio to ja widzę optymizer pro (głupi skubanie) czekaj na Natsuki Kuga, wpada co jakiś czas i załatwia wszystko, i na przyszłość rób logi z programów np. OTL, bo potem taki Natsuki je sprawdza i widzi wszystko co niechciane i sporządza skrypt który jest usunie  

  • Dobra wypowiedź 1
Lov3las3K
komentarz
komentarz

Okey to czekam na Natsuki a co do logów to jak je robić ? 

Lov3las3K
komentarz
komentarz

Jest to OTL.txt wyskoczyło mi tylko jedno ;/
[spoiler]OTL logfile created on: 2013-12-22 20:25:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,91 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 31,44% Memory free
5,82 Gb Paging File | 3,18 Gb Available in Paging File | 54,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 58,52 Gb Free Space | 49,08% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 125,06 Gb Free Space | 81,28% Space Free | Partition Type: NTFS
Drive E: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,45 Gb Total Space | 4,75 Gb Free Space | 63,73% Space Free | Partition Type: FAT32

Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe
PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-01-29 14:28:32 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012-09-19 15:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
PRC - [2011-12-16 07:55:44 | 000,187,696 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013-12-04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011-08-07 12:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013-09-15 13:21:32 | 001,762,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2013-01-29 14:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:[b]64bit:[/b] - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:[b]64bit:[/b] - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-09-19 23:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-04-01 09:58:44 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:[b]64bit:[/b] - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:[b]64bit:[/b] - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:[b]64bit:[/b] - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:[b]64bit:[/b] - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:[b]64bit:[/b] - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/p/?LinkId=255141"]http://go.microsoft.com/fwlink/p/?LinkId=255141[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://start.mysearchdial.com/results.php?f=4&q=%7BsearchTerms%7D&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=ASUTDF&pc=NP06&src=IE-SearchBox"]http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/p/?LinkId=255141"]http://go.microsoft.com/fwlink/p/?LinkId=255141[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\???????????????????: "URL" = [url="http://start.mysearchdial.com/results.php?f=4&q=%7BsearchTerms%7D&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir="]http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=[/url]
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=ASUTDF&pc=NP06&src=IE-SearchBox"]http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox[/url]
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [url="http://www.google.com/search?sourceid=ie7&q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&rlz=1I7ASUT"]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT[/url]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url]
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url]
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url]
IE - HKLM\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = [url="http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://asus.msn.com"]http://asus.msn.com[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://asus.msn.com"]http://asus.msn.com[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = [url="http://search.softonic.com/MON00085/tb_v1?q=%7BsearchTerms%7D&SearchSource=4&cc="]http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://www1.delta-search.com/?q=%7BsearchTerms%7D&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266"]http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [url="http://www.google.com/search?sourceid=ie7&q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&rlz=1I7ASUT"]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid="]http://isearch.avg.com/search?cid=[/url]{39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = [url="http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q=%7BsearchTerms%7D&locale=&apn_ptnrs=%5EAAU&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54"]http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = [url="http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search=%7BsearchTerms%7D&i=26"]http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/pbr/pbr_1337255565_676030
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.bing.com"]http://www.bing.com[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.bing.com"]http://www.bing.com[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = [url="http://search.softonic.com/MON00085/tb_v1?q=%7BsearchTerms%7D&SearchSource=4&cc="]http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://www1.delta-search.com/?q=%7BsearchTerms%7D&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943"]http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266"]http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid="]http://isearch.avg.com/search?cid=[/url]{39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = [url="http://websearch.mocaflix.com/?l=1&q=%7BsearchTerms%7D"]http://websearch.mocaflix.com/?l=1&q={searchTerms}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = [url="http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q=%7BsearchTerms%7D&locale=&apn_ptnrs=%5EAAU&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54"]http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = [url="http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search=%7BsearchTerms%7D&i=26"]http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q=%7BsearchTerms%7D&barid=%7B1DD03F0B-D85B-4A46-97D8-BE4642B405CC%7D"]http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = [url="http://search.toggle.com/?lang=pl&q=%7BsearchTerms%7D"]http://search.toggle.com/?lang=pl&q={searchTerms}[/url]
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Toggle"
FF - prefs.js..browser.search.defaulturl: "[url="http://websearch.mocaflix.com/?l=1&q="]http://websearch.mocaflix.com/?l=1&q="[/url]
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "
FF - prefs.js..network.proxy.http_port: 4179
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.startup.homepage:


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions
[2013-12-22 08:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions
[2013-06-16 09:02:38 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2012-03-09 19:04:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012-04-17 21:25:03 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com
[2012-11-25 00:11:54 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com
[2012-06-23 12:00:28 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com
[2013-06-16 09:02:37 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com
[2012-03-19 18:42:18 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com
[2012-12-18 19:34:01 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013-06-16 09:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged
[2012-04-17 21:39:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire
[2012-05-09 20:38:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire
[2012-05-10 18:12:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire
[2012-05-09 20:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012-09-07 16:31:24 | 000,002,337 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml
[2013-07-14 22:57:03 | 000,006,507 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml
[2012-11-25 00:11:58 | 000,002,444 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml
[2013-07-14 22:57:30 | 000,001,294 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml
[2012-11-25 00:13:23 | 000,002,548 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml
[2013-06-16 09:02:36 | 000,000,837 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml
[2012-03-19 18:42:15 | 000,002,060 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml
[2012-04-12 22:04:10 | 000,003,969 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml
[2012-04-17 21:25:12 | 000,000,415 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml
[2012-11-05 20:01:57 | 000,000,544 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [url="http://mystart.incredibar.com/?a=6R8wRCAOLn&loc=skw"]http://mystart.incredibar.com/?a=6R8wRCAOLn&loc=skw[/url]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SaveAs = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldbdpifcabigkamfcijfeknijijcddk\2_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SaveAs = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldbdpifcabigkamfcijfeknijijcddk\2_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found.
O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd ()
O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Google Update] C:\Users\Dawid\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Google Update] C:\Users\Dawid\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [lollipop] c:\users\dawid\appdata\local\lollipop\lollipop.exe ()
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe ()
O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III
[2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-22 08:32:56 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster
[2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher
[2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-16 03:05:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-16 03:05:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-16 03:05:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-16 03:05:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-16 03:05:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-16 03:05:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-16 03:05:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-16 03:05:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-16 03:05:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-16 03:05:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-16 03:05:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-16 03:05:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-16 03:05:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-16 03:05:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-16 03:05:18 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl
[2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-07 12:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-07 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\InstallShield
[2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon
[2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games
[2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM
[2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk
[2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords
[2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder
[2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-12-22 20:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-22 20:02:02 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2013-12-22 19:56:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job
[2013-12-22 19:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job
[2013-12-22 19:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-22 08:43:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-22 08:43:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-22 08:33:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-22 08:32:22 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job
[2013-12-22 08:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-22 08:31:02 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-22 00:14:00 | 000,001,092 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
[2013-12-21 17:41:02 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-21 17:41:02 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-12-21 17:41:02 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-21 17:41:02 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-12-21 17:41:02 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-20 20:34:06 | 000,014,775 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-12-20 20:34:06 | 000,014,775 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3
[2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3
[2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3
[2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat
[2013-06-16 09:02:47 | 000,423,709 | ---- | C] () -- C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS
[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll
[2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft
[2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA
[2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus
[2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage
[2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity
[2012-01-18 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Babylon
[2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent
[2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon
[2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite
[2012-10-28 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DefaultTab
[2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder
[2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla
[2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10
[2013-12-22 10:11:16 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG
[2013-11-25 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\HoolappForAndroid
[2012-07-06 07:59:52 | 000,000,000 | RHSD | M] -- C:\Users\Dawid\AppData\Roaming\install
[2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter
[2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech
[2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient
[2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2
[2013-06-16 09:02:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\mysearchdial
[2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance
[2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM
[2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera
[2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software
[2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin
[2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee
[2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer
[2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot
[2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony
[2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF
[2012-06-06 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Thinstall
[2013-12-19 22:53:07 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client
[2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent
[2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
[/spoiler]

Ref ? ;/

Natsuki Kuga
komentarz
komentarz

Jest to OTL.txt wyskoczyło mi tylko jedno ;/

 

Na pewno zaznaczyłeś wszystko tak, jak na podanym obrazku?

 

Czy aby na pewno korzystasz ze wszystkich programów, które są na tych screenach?


1. Na początek do deinstalacji: Internet Explorer Toolbar 4.6 by Sweet Packs, Lollipop, MyPC Backup, Mysearchdial, Optimizer Pro1, SweetPacks bundle uninstaller.

2. W przeglądarkach poszukaj dodatków i odinstaluj: mysearchdial Toolbar, MySearchDial, DealPly, Browser Companion Helper, Babylon Toolbar, Softonic Toolbar

3. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):


:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1649205658&ir=
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1649205658&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1649205658&ir=
IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearc...=1649205658&ir=
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC}
IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc=
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...archTerms}&i=26
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
FF - prefs.js..browser.search.defaultthis.engineName: "Toggle"
FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...ix.com/?l=1&q="
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "
FF - prefs.js..network.proxy.http_port: 4179
FF - prefs.js..browser.search.defaultengine: "Ask.com"
[2013-06-16 09:02:38 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2012-03-09 19:04:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012-04-17 21:25:03 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com
[2012-11-25 00:11:54 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com
[2012-06-23 12:00:28 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com
[2013-06-16 09:02:37 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com
[2012-03-19 18:42:18 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com
[2012-12-18 19:34:01 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013-06-16 09:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged
[2012-04-17 21:39:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire
[2012-05-09 20:38:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire
[2012-05-10 18:12:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012-05-09 20:38:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire
[2012-05-09 20:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012-05-09 12:50:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012-09-07 16:31:24 | 000,002,337 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml
[2013-07-14 22:57:03 | 000,006,507 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml
[2012-11-25 00:11:58 | 000,002,444 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml
[2013-07-14 22:57:30 | 000,001,294 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml
[2012-11-25 00:13:23 | 000,002,548 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml
[2013-06-16 09:02:36 | 000,000,837 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml
[2012-03-19 18:42:15 | 000,002,060 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml
[2012-04-12 22:04:10 | 000,003,969 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml
[2012-04-17 21:25:12 | 000,000,415 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml
[2012-11-05 20:01:57 | 000,000,544 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml
CHR - homepage: http://mystart.incre...wRCAOLn&loc=skw
CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: MySearchDial Nowa karta = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0\
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found.
O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd ()
O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [lollipop] c:\users\dawid\appdata\local\lollipop\lollipop.exe ()
O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk = C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe ()
O4 - Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe

:Files
C:\ProgramData\Premium
C:\Program Files (x86)\Mysearchdial
C:\ProgramData\Partner
C:\Program Files (x86)\SweetIM
E:\WINDOWS\system32\hls13
F:\WINDOWS\system32\hls13
C:\Windows\SysWOW64\hls13
c:\users\dawid\appdata\local\lollipop
C:\Users\Dawid\AppData\Roaming\Yontoo
C:\Program Files (x86)\BrowserCompanion
C:\Program Files (x86)\MyPC Backup
C:\Windows\tasks\MySearchDial.job
C:\Users\Dawid\AppData\Roaming\Babylon
C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job
C:\Users\Dawid\AppData\Roaming\DefaultTab
C:\Users\Dawid\AppData\Roaming\HoolappForAndroid
C:\Users\Dawid\AppData\Roaming\install
C:\install
C:\Users\Dawid\AppData\Roaming\mysearchdial

:Services
BackupStack
Partner Service

:Commands
[emptytemp]

Pokaż raport.

4. Użyj AdwCleaner z opcji Usuń. Pokaż raport.

5. Pokaż zestaw nowych logów z OTL + Gmer.

  • Dobra wypowiedź 1
Lov3las3K
komentarz
komentarz (edytowane)

Raport po ponownym włączeniu komputera : 

[spoiler]All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Toggle" removed from browser.search.defaultthis.engineName
Prefs.js: "http://websearch.moc...ix.com/?l=1&q=" removed from browser.search.defaulturl
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http
Prefs.js: 4179 removed from network.proxy.http_port
Prefs.js: "Ask.com" removed from browser.search.defaultengine
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images\defavs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\css folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules\data folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\tr folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pt_BR folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pl folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\nl folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ja folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\it folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\hi folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\fr folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\es folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\en-US folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\de folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ar folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts\resources folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\tabs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults\favs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\css folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\components folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\components folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\META-INF folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
Folder C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbr@mysearchdial.com\ not found.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\ffxtlbra@softonic.com folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged\50980e5323974@50980e53239ad.com\content folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged\50980e5323974@50980e53239ad.com folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions\staged folder moved successfully.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ac338ab2efd20cfc2d30c53b8bef7f2_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a0a560c746cc38a757b5705856e77144_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c16a6933da8155d6879e65878cb84260_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb6392e976ee67e75ff1ad21aae0ffca_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire not found.
File C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire not found.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\askcom.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\babylon1.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\delta.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\mngr.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Mysearchdial.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\softonic.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\Toggle.xml moved successfully.
C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\i10f7vfv.default\searchplugins\WebSearch.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 folder moved successfully.
C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\Icons folder moved successfully.
C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 folder moved successfully.
File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0 not found.
File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 not found.
File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0 not found.
File C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.4_0 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
C:\ProgramData\Partner\Partner64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
C:\ProgramData\Partner\Partner.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}\ not found.
File C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}\ not found.
File C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg deleted successfully.
C:\Windows\SysWOW64\hls13\start.cmd moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg3 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop not found.
File c:\users\dawid\appdata\local\lollipop\lollipop.exe not found.
File move failed. C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk scheduled to be moved on reboot.
File C:\Users\Dawid\AppData\Local\Lollipop\Lollipop.exe not found.
File move failed. C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
========== FILES ==========
C:\ProgramData\Premium\Setup folder moved successfully.
C:\ProgramData\Premium folder moved successfully.
File\Folder C:\Program Files (x86)\Mysearchdial not found.
C:\ProgramData\Partner folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
File\Folder E:\WINDOWS\system32\hls13 not found.
File\Folder F:\WINDOWS\system32\hls13 not found.
C:\Windows\SysWOW64\hls13\Config\Bans folder moved successfully.
C:\Windows\SysWOW64\hls13\Config\Advanced folder moved successfully.
C:\Windows\SysWOW64\hls13\Config folder moved successfully.
C:\Windows\SysWOW64\hls13 folder moved successfully.
c:\users\dawid\appdata\local\Lollipop folder moved successfully.
File\Folder C:\Users\Dawid\AppData\Roaming\Yontoo not found.
C:\Program Files (x86)\BrowserCompanion folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
File\Folder C:\Windows\tasks\MySearchDial.job not found.
C:\Users\Dawid\AppData\Roaming\Babylon folder moved successfully.
C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job moved successfully.
C:\Users\Dawid\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
C:\Users\Dawid\AppData\Roaming\DefaultTab folder moved successfully.
C:\Users\Dawid\AppData\Roaming\HoolappForAndroid\UpdateProc folder moved successfully.
C:\Users\Dawid\AppData\Roaming\HoolappForAndroid folder moved successfully.
C:\Users\Dawid\AppData\Roaming\install folder moved successfully.
C:\install folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mysearchdial\UpdateProc folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mysearchdial\icons_2.2.4.731 folder moved successfully.
C:\Users\Dawid\AppData\Roaming\mysearchdial folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dawid
->Temp folder emptied: 52685221 bytes
->Temporary Internet Files folder emptied: 3112876 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49604295 bytes
->Google Chrome cache emptied: 372480183 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1996 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15501012 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77744848 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 545,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12252013_013409

Files\Folders moved on Reboot...
File\Folder C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk not found!
File\Folder C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
C:\Users\Dawid\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dawid\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
[/spoiler]

Raport z AdwCleaner po ponownym uruchomieniu laptopa :

[spoiler]# AdwCleaner v3.016 - Log utworzony 25/12/2013 o 01:45:44
# Aktualizacja 23/12/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Dawid - DAWID-KOMPUTER
# Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****

[#] Usługa Usunięto : IBUpdaterService
[#] Usługa Usunięto : Web Assistant Updater

***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\ProgramData\Babylon
Folder Usunięto : C:\ProgramData\blekko toolbars
Folder Usunięto : C:\ProgramData\boost_interprocess
Folder Usunięto : C:\ProgramData\RightClick
Folder Usunięto : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\SweetIM
Folder Usunięto : C:\ProgramData\Tarma Installer
[/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Usunięto : C:\Program Files (x86)\adawaretb
Folder Usunięto : C:\Program Files (x86)\Red Sky
Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner
Folder Usunięto : C:\Windows\SysWOW64\ARFC
Folder Usunięto : C:\Windows\SysWOW64\hotspot shield
Folder Usunięto : C:\Windows\SysWOW64\jmdp
Folder Usunięto : C:\Windows\SysWOW64\WNLT
Folder Usunięto : C:\Windows\System32\ARFC
Folder Usunięto : C:\Users\Dawid\AppData\Local\apn
Folder Usunięto : C:\Users\Dawid\AppData\Local\DownTango
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\BabylonToolbar
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\incredibar.com
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\Softonic
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Plik Usunięto : C:\Windows\System32\dmwu.exe
Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll
Plik Usunięto : C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx
Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js
Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Skróty ] *****

Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Rejestr ] *****

Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\b
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Klucz Usunięto : HKCU\Software\592d6dde16eb815
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\anchorfree
Klucz Usunięto : HKCU\Software\BabSolution
Klucz Usunięto : HKCU\Software\BabylonToolbar
Klucz Usunięto : HKCU\Software\BI
Klucz Usunięto : HKCU\Software\BrowserCompanion
Klucz Usunięto : HKCU\Software\DataMngr
Klucz Usunięto : HKCU\Software\DealPly
Klucz Usunięto : HKCU\Software\Default Tab
Klucz Usunięto : HKCU\Software\DownTango
Klucz Usunięto : HKCU\Software\FLEXnet
Klucz Usunięto : HKCU\Software\IGearSettings
Klucz Usunięto : HKCU\Software\IM
Klucz Usunięto : HKCU\Software\ImInstaller
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\lollipop
Klucz Usunięto : HKCU\Software\mysearchdial
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\wnlt
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\adawaretb
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\Software\BabylonToolbar
Klucz Usunięto : HKLM\Software\BrowserCompanion
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\DealPly
Klucz Usunięto : HKLM\Software\Default Tab
Klucz Usunięto : HKLM\Software\DownTango
Klucz Usunięto : HKLM\Software\InstallCore
Klucz Usunięto : HKLM\Software\Softonic
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\Toolbar Cleaner
Klucz Usunięto : HKLM\Software\Web Assistant
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer
Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant
Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v10.0.9200.16750

Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v12.0 (pl)

[ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ]

Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", "");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true);
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD");
Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl");
Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true);
Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true);
Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false);
Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true);
Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418");
Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085");
Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.newTab", true);
Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7");
Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18");
Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}");

-\\ Google Chrome v

[ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Usunięto : homepage

*************************

AdwCleaner[R0].txt - [33303 octets] - [25/12/2013 01:44:31]
AdwCleaner[S0].txt - [30297 octets] - [25/12/2013 01:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30358 octets] ##########
[/spoiler]

Logi z OTL : 

OTL.txt 

[spoiler]OTL logfile created on: 2013-12-25 01:55:28 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,91 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 37,22% Memory free
5,82 Gb Paging File | 3,59 Gb Available in Paging File | 61,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 63,14 Gb Free Space | 52,96% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe
PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions
[2013-12-25 01:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-12-25 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III
[2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster
[2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher
[2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-16 03:05:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-16 03:05:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-16 03:05:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-16 03:05:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-16 03:05:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-16 03:05:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-16 03:05:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-16 03:05:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-16 03:05:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-16 03:05:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-16 03:05:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-16 03:05:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-16 03:05:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-16 03:05:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-16 03:05:18 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl
[2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-07 12:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-07 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\InstallShield
[2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon
[2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games
[2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM
[2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk
[2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords
[2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder
[2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe

========== Files - Modified Within 30 Days ==========

[2013-12-25 01:56:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 01:56:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 01:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job
[2013-12-25 01:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-25 01:49:24 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-25 01:49:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-25 01:49:08 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-25 01:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-25 01:00:04 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-25 01:00:04 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-12-25 01:00:04 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-25 01:00:04 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-12-25 01:00:04 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-24 19:56:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job
[2013-12-23 17:31:40 | 000,029,804 | ---- | M] () -- C:\Users\Dawid\Desktop\sdasdasdasdasdasdasd.jpg
[2013-12-22 23:05:20 | 001,968,503 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05446.JPG
[2013-12-22 23:04:44 | 002,058,823 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.JPG
[2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

========== Files Created - No Company Name ==========

[2013-12-23 17:31:36 | 000,029,804 | ---- | C] () -- C:\Users\Dawid\Desktop\sdasdasdasdasdasdasd.jpg
[2013-12-22 23:05:20 | 001,968,503 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05446.JPG
[2013-12-22 23:04:44 | 002,058,823 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.JPG
[2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3
[2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3
[2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3
[2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat
[2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS
[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll
[2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft
[2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA
[2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus
[2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage
[2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity
[2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent
[2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon
[2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite
[2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder
[2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla
[2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10
[2013-12-25 01:52:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG
[2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter
[2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech
[2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient
[2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2
[2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance
[2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM
[2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera
[2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software
[2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin
[2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee
[2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer
[2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot
[2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony
[2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF
[2013-12-24 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client
[2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent
[2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
[/spoiler]

Logi z OTL  : 

Extras.Txt 

[spoiler]OTL Extras logfile created on: 2013-12-25 01:55:28 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,91 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 37,22% Memory free
5,82 Gb Paging File | 3,59 Gb Available in Paging File | 61,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 63,14 Gb Free Space | 52,96% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system |
"{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system |
"{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system |
"{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1CF23CF7-B002-42F1-89CE-A40201CD94DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe |
"{369883A3-995B-42C7-8B5B-538684E96F2B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system |
"{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe |
"{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{720ED962-790E-499D-8526-E98B7669AB0E}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{91C38F29-7AFC-4993-B315-931D3FF6ACEF}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe |
"{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe |
"{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B8579589-F234-45D9-A00F-2B4526F588E6}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe |
"{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E3332240-3245-4072-A2EA-1ADE78107C78}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F1AE002C-B18E-4777-B463-8B5602B794C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe |
"TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe |
"TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe |
"TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe |
"TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe |
"TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin |
"TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe |
"TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe |
"TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe |
"TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe |
"TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe |
"UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe |
"UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin |
"UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe |
"UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe |
"UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe |
"UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe |
"UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety
"{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety
"{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety
"{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety
"{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety
"{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C0086B27-8E52-42D4-8393-236391EF18F6}" = Heroes of Might and Magic V
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Opera 18.0.1284.68" = Opera Stable 18.0.1284.68
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Counter-Strike" = Counter-Strike
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Hoolapp For Android" = Hoolapp For Android
"lollipop" = Lollipop

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-10-06 13:31:49 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program stpass.exe w wersji 2.0.0.8 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: a9c Godzina rozpoczęcia: 01cec2b9af6e4ed3 Godzina zakończenia:
8 Ścieżka aplikacji: C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe

Identyfikator
raportu: 210bcd4a-2ead-11e3-9d17-742f68b7a266

Error - 2013-10-07 06:56:12 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 1cac Godzina rozpoczęcia: 01cec31507b9c177 Godzina zakończenia:
185 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator
raportu:

Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura
czasowa: 0x5235a54b Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000
Identyfikator
procesu powodującego błąd: 0x14c8 Godzina uruchomienia aplikacji powodującej błąd:
0x01cec33443b2cb7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266

Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura
czasowa: 0x506d9e00 Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514,
sygnatura czasowa: 0x4ce7b96f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00039342
Identyfikator
procesu powodującego błąd: 0x1100 Godzina uruchomienia aplikacji powodującej błąd:
0x01cec2b9b4e5f802 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
Ścieżka
modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266

Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x3208 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec3e653782f10 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
64f74c59-2fda-11e3-9d17-742f68b7a266

Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: ntdll.dll, wersja:
6.1.7601.18229, sygnatura czasowa: 0x51fb1072 Kod wyjątku: 0xc0000374 Przesunięcie
błędu: 0x000ce753 Identyfikator procesu powodującego błąd: 0x1570 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cec45876523323 Ścieżka aplikacji powodującej błąd:
C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu
powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266

Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”.
Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana
przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x890 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4b98cf870eb Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
e2404db8-30af-11e3-9d17-742f68b7a266

Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x2b40 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4bcae0a52e8 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
da4b6b3f-30b0-11e3-9d17-742f68b7a266

Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x4494 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4bd9f8384ef Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
2c6eed84-30b1-11e3-9d17-742f68b7a266

Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec50931034633 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
2901b4eb-30ff-11e3-9d17-742f68b7a266

Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 2c90 Godzina rozpoczęcia: 01cec50bcb1467bc Godzina zakończenia:
605 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator
raportu:

[ Media Center Events ]
Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:03
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:10
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:19
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:26
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:26
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:33
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:17
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:25
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:35
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:42
- Nie można skontaktować się z serwerem..

[ OSession Events ]
Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2013-12-24 19:56:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
z usługi Atheros Bt&Wlan Coex Agent.

Error - 2013-12-24 19:56:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
z usługi lmhosts.

Error - 2013-12-24 19:56:19 | Computer Name = Dawid-Komputer | Source = ipnathlp | ID = 31004
Description =

Error - 2013-12-24 20:34:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa ASLDR Service niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1.

Error - 2013-12-24 20:37:25 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu:
%%2

Error - 2013-12-24 20:37:25 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można
uruchomić z powodu następującego błędu: %%2

Error - 2013-12-24 20:37:54 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: ATKWMIACPIIO

Error - 2013-12-24 20:49:13 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu:
%%2

Error - 2013-12-24 20:49:13 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można
uruchomić z powodu następującego błędu: %%2

Error - 2013-12-24 20:49:16 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: ATKWMIACPIIO


< End of report >
[/spoiler]

LOGI Gmer :

[spoiler]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-25 02:24:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: 907trvo9.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\awddikob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033f7000 8 bytes [00, 00, 29, 02, 54, 64, 78, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f7010 48 bytes [00, 04, 00, 00, 02, 00, 00, ...]
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88010ed8d8c 12 bytes {MOV RAX, 0xfffffa80062d02a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100040460
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100040450
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100040370
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100040470
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000403e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100040320
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000403b0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100040390
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000402e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000402d0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100040310
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000403c0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000403f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100040230
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100040480
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000403a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000402f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100040350
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100040290
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000402b0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000403d0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100040330
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100040410
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100040240
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000401e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100040250
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100040490
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000404a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100040300
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100040360
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000402a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000402c0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100040380
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100040340
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100040440
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100040260
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100040270
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100040400
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000401f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100040210
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100040200
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100040420
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100040430
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100040220
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100040280
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 000000014a500460
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 000000014a500450
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 000000014a500370
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 000000014a500470
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 000000014a5003e0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 000000014a500320
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 000000014a5003b0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 000000014a500390
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 000000014a5002e0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 000000014a5002d0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 000000014a500310
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 000000014a5003c0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 000000014a5003f0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 000000014a500230
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 000000014a500480
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 000000014a5003a0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 000000014a5002f0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 000000014a500350
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 000000014a500290
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 000000014a5002b0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 000000014a5003d0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 000000014a500330
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 000000014a500410
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 000000014a500240
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 000000014a5001e0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 000000014a500250
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 000000014a500490
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 000000014a5004a0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 000000014a500300
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 000000014a500360
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 000000014a5002a0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 000000014a5002c0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 000000014a500380
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 000000014a500340
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 000000014a500440
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 000000014a500260
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 000000014a500270
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 000000014a500400
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 000000014a5001f0
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 000000014a500210
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 000000014a500200
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 000000014a500420
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 000000014a500430
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 000000014a500220
.text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 000000014a500280
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\services.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\services.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\System32\svchost.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\system32\AUDIODG.EXE[1120] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\system32\taskhost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\Dwm.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001000703e0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000100070400
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220
.text C:\Windows\Explorer.EXE[3100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280
.text C:\Windows\Explorer.EXE[3100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000000771803e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 0000000077180400
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ff3b10 5 bytes JMP 000000010012075c
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ff7ac0 5 bytes JMP 00000001001203a4
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000077180460
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000077180450
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077021430 5 bytes JMP 0000000100120b14
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077021490 5 bytes JMP 0000000100120ecc
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000077180370
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000077180470
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 000000010012163c
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000077180320
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000000771803b0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000077180390
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000000771802e0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000000771802d0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000077180310
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000000771803c0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770217b0 5 bytes JMP 0000000100121284
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000000771803f0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000077180230
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000077180480
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000000771803a0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000000771802f0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000077180350
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000077180290
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000000771802b0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000000771803d0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000077180330
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000077180410
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000077180240
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000000771801e0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000077180250
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000077180490
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000000771804a0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000077180300
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000077180360
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000000771802a0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000000771802c0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000077180380
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000077180340
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000077180440
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000077180260
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000077180270
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 00000001001219f4
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000000771801f0
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000077180210
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000077180200
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000077180420
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000077180430
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000077180220
.text C:\Windows\System32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000077180280
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ff3b10 5 bytes JMP 00000001002b075c
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ff7ac0 5 bytes JMP 00000001002b03a4
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077021360 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770213b0 5 bytes JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077021430 5 bytes JMP 00000001002b0b14
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077021490 5 bytes JMP 00000001002b0ecc
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077021510 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077021560 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077021570 5 bytes JMP 00000001002b163c
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077021620 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077021650 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077021670 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770216b0 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077021730 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077021750 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077021790 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000770217b0 5 bytes JMP 00000001002b1284
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770217e0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077021940 5 bytes JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077021b00 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077021b30 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077021c10 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077021c20 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077021c80 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077021d10 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077021d30 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077021d40 5 bytes JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077021db0 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077021de0 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770220a0 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077022160 5 bytes JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077022190 5 bytes JMP 0000000100070490
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770221a0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770221d0 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770221e0 5 bytes JMP 0000000100070360
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077022240 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077022290 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770222c0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770222d0 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770225c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770227c0 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770227d0 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770227e0 5 bytes JMP 00000001002b19f4
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770229a0 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770229b0 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077022a20 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077022a80 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077022a90 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077022aa0 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077022b80 5 bytes JMP 0000000100070280
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe5d6e00 5 bytes JMP 000007ff7e5f1dac
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe5d6f2c 5 bytes JMP 000007ff7e5f0ecc
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe5d7220 5 bytes JMP 000007ff7e5f1284
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe5d739c 5 bytes JMP 000007ff7e5f163c
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe5d7538 5 bytes JMP 000007ff7e5f19f4
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5d75e8 5 bytes JMP 000007ff7e5f03a4
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5d790c 5 bytes JMP 000007ff7e5f075c
.text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5d7ab4 5 bytes JMP 000007ff7e5f0b14
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000771cf8f0 5 bytes JMP 00000001028a0914
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000771cf928 5 bytes JMP 0000000102b708ec
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000771cf9e0 5 bytes JMP 00000001028a096c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 00000000771cfa10 5 bytes JMP 00000001028a09c4
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000771cfa28 5 bytes JMP 00000001029c0a14
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000771cfa40 5 bytes JMP 0000000102b70a74
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000771cfa90 5 bytes JMP 00000001029c0a9c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000771cfaa8 5 bytes JMP 00000001029c0af4
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771cfac0 5 bytes JMP 0000000100030600
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000771cfb40 5 bytes JMP 00000001029c09bc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771cfb58 5 bytes JMP 0000000100030804
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000771cfc38 5 bytes JMP 00000001029c08ac
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000771cfc50 5 bytes JMP 00000001029c0964
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000771cfc80 5 bytes JMP 0000000102b709bc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771cfcb0 5 bytes JMP 0000000100030c0c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000771cfd4c 5 bytes JMP 0000000102b70a1c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000771cfd64 5 bytes JMP 00000001029c087c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000771cfd98 5 bytes JMP 00000001029c090c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000771cfe44 5 bytes JMP 00000001029c0bfc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000771cfe5c 5 bytes JMP 0000000102b709ec
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile 00000000771cff8c 5 bytes JMP 00000001029c08dc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000771cffa4 5 bytes JMP 00000001028a0a4c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771d0038 5 bytes JMP 0000000100030a08
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection 00000000771d0050 5 bytes JMP 00000001028a09f4
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771d00b4 5 bytes JMP 00000001029c0824
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771d01c4 5 bytes JMP 00000001029c0a44
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000771d09fc 5 bytes JMP 00000001028a0ba4
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000771d0f70 5 bytes JMP 00000001029c0ba4
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771d0f88 5 bytes JMP 00000001028a0b1c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000771d1018 5 bytes JMP 00000001029c0b4c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000771d133c 5 bytes JMP 00000001028a0b74
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771d1920 5 bytes JMP 0000000100030e10
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771ec4dd 5 bytes JMP 00000001000301f8
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771f1287 5 bytes JMP 00000001000303fc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076c65181 5 bytes JMP 0000000100241014
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076c65254 5 bytes JMP 0000000100240804
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076c653d5 5 bytes JMP 0000000100240a08
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076c654c2 5 bytes JMP 0000000100240c0c
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076c655e2 5 bytes JMP 0000000100240e10
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076c6567c 5 bytes JMP 00000001002401f8
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076c6589f 5 bytes JMP 00000001002403fc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076c65a22 5 bytes JMP 0000000100240600
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075e9ee09 5 bytes JMP 00000001002501f8
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ea3982 5 bytes JMP 00000001002503fc
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ea7603 5 bytes JMP 0000000100250804
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ea835c 5 bytes JMP 0000000100250600
.text C:\Users\Dawid\Desktop\Invoria.pl\Invoria.pl.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ebf52b 5 bytes JMP 0000000100250a08
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771cfac0 5 bytes JMP 0000000100030600
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771cfb58 5 bytes JMP 0000000100030804
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771cfcb0 5 bytes JMP 0000000100030c0c
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771d0038 5 bytes JMP 0000000100030a08
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771d1920 5 bytes JMP 0000000100030e10
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771ec4dd 5 bytes JMP 00000001000301f8
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771f1287 5 bytes JMP 00000001000303fc
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007669a2ba 1 byte [62]
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076c65181 5 bytes JMP 0000000100241014
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076c65254 5 bytes JMP 0000000100240804
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076c653d5 5 bytes JMP 0000000100240a08
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076c654c2 5 bytes JMP 0000000100240c0c
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076c655e2 5 bytes JMP 0000000100240e10
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076c6567c 5 bytes JMP 00000001002401f8
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076c6589f 5 bytes JMP 00000001002403fc
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076c65a22 5 bytes JMP 0000000100240600
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075e9ee09 5 bytes JMP 00000001002501f8
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ea3982 5 bytes JMP 00000001002503fc
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ea7603 5 bytes JMP 0000000100250804
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ea835c 5 bytes JMP 0000000100250600
.text C:\Users\Dawid\Downloads\907trvo9.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ebf52b 5 bytes JMP 0000000100250a08

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800126ff1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800126fcc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800127069c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001270a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880012708f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa8003d092c0
Device \FileSystem\fastfat \Fat fffffa80093ef2c0
Device \Driver\dtsoftbus01 \Device\0000007e fffffa8005dad2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80062d22c0
Device \Driver\cdrom \Device\CdRom0 fffffa8006e802c0
Device \Driver\cdrom \Device\CdRom1 fffffa8006e802c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B52E32CF-EEAF-4E7B-B442-DC2894AD1DEB} fffffa80062322c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80062d22c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8005dad2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80062d22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F} fffffa80062322c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80062322c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80062d22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8C876BCE-1978-4F17-87A5-C4BF2A793D67} fffffa80062322c0

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [448:1532] 000007fef98e59a0
Thread C:\Windows\System32\svchost.exe [448:2504] 000007fefc811a70
Thread C:\Windows\System32\svchost.exe [448:2676] 000007fef6d920c0
Thread C:\Windows\System32\svchost.exe [448:2680] 000007fef6d926a8
Thread C:\Windows\System32\svchost.exe [448:2688] 000007fef6d929dc
Thread C:\Windows\System32\svchost.exe [448:2692] 000007fef6d929dc
Thread C:\Windows\System32\svchost.exe [448:4280] 000007fef82244e0
Thread C:\Windows\System32\svchost.exe [448:5468] 000007fef26e8a4c
Thread C:\Windows\System32\svchost.exe [448:5812] 000007fef84188f8
Thread C:\Windows\system32\svchost.exe [1028:2000] 000007fef318d3c8
Thread C:\Windows\system32\svchost.exe [1028:4580] 000007fef318d3c8
Thread C:\Windows\system32\svchost.exe [1028:1988] 000007fef318d3c8
Thread C:\Windows\system32\svchost.exe [1028:1992] 000007fef318d3c8
Thread C:\Windows\system32\svchost.exe [1312:1432] 000007fef9f7341c
Thread C:\Windows\system32\svchost.exe [1312:1436] 000007fef9f73a2c
Thread C:\Windows\system32\svchost.exe [1312:1440] 000007fef9f73768
Thread C:\Windows\system32\svchost.exe [1312:1444] 000007fef9f75c20
Thread C:\Windows\system32\svchost.exe [1312:1460] 000007fef9e9bec4
Thread C:\Windows\system32\svchost.exe [1312:2132] 000007fef81283d8
Thread C:\Windows\system32\svchost.exe [1312:2136] 000007fef81283d8
Thread C:\Windows\system32\svchost.exe [1312:2140] 000007fef81283d8
Thread C:\Windows\system32\svchost.exe [1312:2144] 000007fef81283d8
Thread C:\Windows\system32\svchost.exe [1312:2252] 000007fef79b3f1c
Thread C:\Windows\system32\svchost.exe [1312:2284] 000007fef79422b8
Thread C:\Windows\system32\svchost.exe [1312:2288] 000007fef7941a38
Thread C:\Windows\system32\svchost.exe [1312:2296] 000007fef7675388
Thread C:\Windows\system32\svchost.exe [1312:2300] 000007fef7657738
Thread C:\Windows\system32\svchost.exe [1312:2312] 000007fef7641f90
Thread C:\Windows\system32\svchost.exe [1312:2940] 000007fef9bc5124
Thread C:\Windows\system32\svchost.exe [1312:5048] 000007fef5635170
Thread C:\Windows\system32\svchost.exe [1312:3996] 000007fef9f73900
Thread C:\Windows\system32\svchost.exe [1512:1864] 000007fefc811a70
Thread C:\Windows\system32\svchost.exe [1512:1884] 000007fefc811a70
Thread C:\Windows\system32\svchost.exe [1512:1904] 000007fefc811a70
Thread C:\Windows\system32\svchost.exe [1512:1920] 000007fef8c52c70
Thread C:\Windows\system32\svchost.exe [1512:1944] 000007fef8c5fb40
Thread C:\Windows\system32\svchost.exe [1512:1952] 000007fef8c71d20
Thread C:\Windows\system32\svchost.exe [1512:1956] 000007fef8c5f6f0
Thread C:\Windows\system32\svchost.exe [1512:1248] 000007fef89035c0
Thread C:\Windows\system32\svchost.exe [1512:2588] 000007fef8905600
Thread C:\Windows\system32\svchost.exe [1512:2780] 000007fef6aa2940
Thread C:\Windows\system32\svchost.exe [1512:3364] 000007fef52c2888
Thread C:\Windows\system32\svchost.exe [1512:3292] 000007fef52c2a40
Thread C:\Windows\System32\spoolsv.exe [1808:3120] 000007fef58a10c8
Thread C:\Windows\System32\spoolsv.exe [1808:3136] 000007fef55e6144
Thread C:\Windows\System32\spoolsv.exe [1808:3140] 000007fef53d5fd0
Thread C:\Windows\System32\spoolsv.exe [1808:3144] 000007fef53c3438
Thread C:\Windows\System32\spoolsv.exe [1808:3152] 000007fef53d63ec
Thread C:\Windows\System32\spoolsv.exe [1808:3172] 000007fef5945e5c
Thread C:\Windows\System32\spoolsv.exe [1808:3196] 000007fef5975074
Thread C:\Windows\system32\svchost.exe [2888:2924] 000007fef6768470
Thread C:\Windows\system32\svchost.exe [2888:2928] 000007fef6772418
Thread C:\Windows\system32\svchost.exe [2888:2188] 000007fef646f130
Thread C:\Windows\system32\svchost.exe [2888:4012] 000007fef53d5fd0
Thread C:\Windows\system32\svchost.exe [2888:3908] 000007fef53d63ec
Thread C:\Windows\system32\svchost.exe [2888:3704] 000007fef6464734
Thread C:\Windows\system32\svchost.exe [2888:5548] 000007fef6464734
Thread C:\Windows\system32\svchost.exe [2888:6092] 000007fef9bc5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5308] 000007fefb442a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5316] 000007fef136d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4300:5732] 000007fef9bc5124
Thread C:\Windows\System32\svchost.exe [4760:864] 000007fef9bc9874
Thread C:\Windows\system32\DllHost.exe [5340:5472] 000007fef121ae40
Thread C:\Windows\System32\svchost.exe [1192:4104] 000007fef08b9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 8
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 26
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 6252439
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@64995d3afac7 0xBA 0x14 0x9C 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@04a82ad10f66 0x07 0x8A 0xC7 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@b8d9ce908dc5 0xFA 0xDF 0xD3 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68b7a266@0c715d907097 0x0E 0x8C 0xFF 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@LeaseObtainedTime 1387932556
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@T1 1387934356
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@T2 1387935706
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}@LeaseTerminatesTime 1387936156
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 8
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 26
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 6252439
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@64995d3afac7 0xBA 0x14 0x9C 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@04a82ad10f66 0x07 0x8A 0xC7 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@b8d9ce908dc5 0xFA 0xDF 0xD3 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68b7a266@0c715d907097 0x0E 0x8C 0xFF 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

---- EOF - GMER 2.1 ----
[/spoiler]


Byłem zmuszony do przywrócenia systemu ponieważ po czyszczeniu przez Gmer laptop nie wykrywał żadnej sieci bezprzewodowej ;/

Natsuki Kuga
komentarz
komentarz

Byłem zmuszony do przywrócenia systemu ponieważ po czyszczeniu przez Gmer laptop nie wykrywał żadnej sieci bezprzewodowej ;/

 

Ciekawe, bo Gmer nic nie usuwa, tylko skanuje system, zostawiając raport..

 

1. Jeśli w dodaj/usuń programy są te pozycje, odinstaluj je: Hoolapp For Android, Lollipop

2. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):


:OTL
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc=
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "

:Files
c:\windows\syswow64\arfc
c:\program files (x86)\sweetim
c:\windows\system32\arfc

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}"=-
"{1CF23CF7-B002-42F1-89CE-A40201CD94DB}"=-
"{369883A3-995B-42C7-8B5B-538684E96F2B}"=-
"{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}"=-
"{720ED962-790E-499D-8526-E98B7669AB0E}"=-
"{91C38F29-7AFC-4993-B315-931D3FF6ACEF}"=-
"{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}"=-
"{B8579589-F234-45D9-A00F-2B4526F588E6}"=-
"{E3332240-3245-4072-A2EA-1ADE78107C78}"=-
"{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}"=-
"{F1AE002C-B18E-4777-B463-8B5602B794C4}"=-


Pokaż raport.

3. Użyj jeszcze raz AdwCleanera. Pokaż raport.

4. Pokaż nowe logi.

  • Dobra wypowiedź 1
Lov3las3K
komentarz
komentarz (edytowane)

Hoolapp For Android, Lollipop tych programów nie miałem w liście 


Logi : 

========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http
========== FILES ==========
c:\windows\syswow64\ARFC folder moved successfully.
c:\program files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
c:\program files (x86)\SweetIM\Communicator\resources folder moved successfully.
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
c:\program files (x86)\SweetIM\Communicator folder moved successfully.
c:\program files (x86)\SweetIM folder moved successfully.
File\Folder c:\windows\system32\arfc not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{195BDB48-95CA-4C4C-8B53-2E03FF2988B9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{195BDB48-95CA-4C4C-8B53-2E03FF2988B9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CF23CF7-B002-42F1-89CE-A40201CD94DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF23CF7-B002-42F1-89CE-A40201CD94DB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{369883A3-995B-42C7-8B5B-538684E96F2B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369883A3-995B-42C7-8B5B-538684E96F2B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EBA5184-F307-43BD-97A5-ECEFC03CAD5D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{720ED962-790E-499D-8526-E98B7669AB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{720ED962-790E-499D-8526-E98B7669AB0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C38F29-7AFC-4993-B315-931D3FF6ACEF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C38F29-7AFC-4993-B315-931D3FF6ACEF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D0D9CF8-42B0-4DED-874A-C7C8ABCB00DC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8579589-F234-45D9-A00F-2B4526F588E6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8579589-F234-45D9-A00F-2B4526F588E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3332240-3245-4072-A2EA-1ADE78107C78} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3332240-3245-4072-A2EA-1ADE78107C78}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8A0DED6-CD57-4316-BAB3-DDF7530EAED3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1AE002C-B18E-4777-B463-8B5602B794C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AE002C-B18E-4777-B463-8B5602B794C4}\ not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 12252013_161552
 
Raport po użyciu AdwCleanera :
[spoiler]# AdwCleaner v3.016 - Log utworzony 25/12/2013 o 01:45:44
# Aktualizacja 23/12/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Dawid - DAWID-KOMPUTER
# Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****

[#] Usługa Usunięto : IBUpdaterService
[#] Usługa Usunięto : Web Assistant Updater

***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\ProgramData\Babylon
Folder Usunięto : C:\ProgramData\blekko toolbars
Folder Usunięto : C:\ProgramData\boost_interprocess
Folder Usunięto : C:\ProgramData\RightClick
Folder Usunięto : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\SweetIM
Folder Usunięto : C:\ProgramData\Tarma Installer
[/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Usunięto : C:\Program Files (x86)\adawaretb
Folder Usunięto : C:\Program Files (x86)\Red Sky
Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner
Folder Usunięto : C:\Windows\SysWOW64\ARFC
Folder Usunięto : C:\Windows\SysWOW64\hotspot shield
Folder Usunięto : C:\Windows\SysWOW64\jmdp
Folder Usunięto : C:\Windows\SysWOW64\WNLT
Folder Usunięto : C:\Windows\System32\ARFC
Folder Usunięto : C:\Users\Dawid\AppData\Local\apn
Folder Usunięto : C:\Users\Dawid\AppData\Local\DownTango
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\BabylonToolbar
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\incredibar.com
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\Softonic
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Plik Usunięto : C:\Windows\System32\dmwu.exe
Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll
Plik Usunięto : C:\Users\Dawid\AppData\Local\mysearchdial_speedial_v9.0.2.crx
Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js
Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Skróty ] *****

Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Rejestr ] *****

Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\b
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Klucz Usunięto : HKCU\Software\592d6dde16eb815
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\anchorfree
Klucz Usunięto : HKCU\Software\BabSolution
Klucz Usunięto : HKCU\Software\BabylonToolbar
Klucz Usunięto : HKCU\Software\BI
Klucz Usunięto : HKCU\Software\BrowserCompanion
Klucz Usunięto : HKCU\Software\DataMngr
Klucz Usunięto : HKCU\Software\DealPly
Klucz Usunięto : HKCU\Software\Default Tab
Klucz Usunięto : HKCU\Software\DownTango
Klucz Usunięto : HKCU\Software\FLEXnet
Klucz Usunięto : HKCU\Software\IGearSettings
Klucz Usunięto : HKCU\Software\IM
Klucz Usunięto : HKCU\Software\ImInstaller
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\lollipop
Klucz Usunięto : HKCU\Software\mysearchdial
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\wnlt
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\adawaretb
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\Software\BabylonToolbar
Klucz Usunięto : HKLM\Software\BrowserCompanion
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\DealPly
Klucz Usunięto : HKLM\Software\Default Tab
Klucz Usunięto : HKLM\Software\DownTango
Klucz Usunięto : HKLM\Software\InstallCore
Klucz Usunięto : HKLM\Software\Softonic
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\Toolbar Cleaner
Klucz Usunięto : HKLM\Software\Web Assistant
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer
Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant
Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v10.0.9200.16750

Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v12.0 (pl)

[ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ]

Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", "");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true);
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD");
Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl");
Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true);
Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true);
Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false);
Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true);
Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418");
Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085");
Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.newTab", true);
Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7");
Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18");
Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}");

-\\ Google Chrome v

[ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Usunięto : homepage

*************************

AdwCleaner[R0].txt - [33303 octets] - [25/12/2013 01:44:31]
AdwCleaner[S0].txt - [30297 octets] - [25/12/2013 01:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30358 octets] ##########
# AdwCleaner v3.016 - Log utworzony 25/12/2013 o 16:21:26
# Aktualizacja 23/12/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Dawid - DAWID-KOMPUTER
# Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****

[#] Usługa Usunięto : IBUpdaterService
[#] Usługa Usunięto : Partner Service
[#] Usługa Usunięto : Web Assistant Updater

***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\ProgramData\Partner
Folder Usunięto : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\Tarma Installer
[/!\] Nie Usunięto ( Junction ) : C:\ProgramData\SaveAs
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Usunięto : C:\Program Files (x86)\adawaretb
Folder Usunięto : C:\Program Files (x86)\BrowserCompanion
Folder Usunięto : C:\Program Files (x86)\MyPC Backup
Folder Usunięto : C:\Program Files (x86)\Red Sky
Folder Usunięto : C:\Program Files (x86)\Toolbar Cleaner
Folder Usunięto : C:\Windows\SysWOW64\jmdp
Folder Usunięto : C:\Windows\SysWOW64\WNLT
Folder Usunięto : C:\Program Files\Web Assistant
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\LocalLow\bbrs_002.tb
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\DefaultTab
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mysearchdial
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\thinstall
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\adawaretb
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\bbrs_002@blabbers.com
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbr@babylon.com
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbr@incredibar.com
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\ffxtlbra@softonic.com
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Folder Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\Extensions\staged
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Usunięto : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Plik Usunięto : C:\Windows\System32\dmwu.exe
Plik Usunięto : C:\Windows\System32\ImhxxpComm.dll
Plik Usunięto : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\user.js
Plik Usunięto : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Skróty ] *****

Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Skrót Wyleczono : C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Rejestr ] *****

Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wartość Usunięto : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\b
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Klucz Usunięto : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Klucz Usunięto : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Klucz Usunięto : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
Klucz Usunięto : HKCU\Software\592d6dde16eb815
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_call-of-duty_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_coreldraw_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_gadu-gadu-10_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_juiced-2_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_medal-of-honor-allied-assault_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_minecraft_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_mixxx-portable_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opera_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_pazera-free-audio-extractor_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_teamspeak-3_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ms-gif-animator_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\anchorfree
Klucz Usunięto : HKCU\Software\BabSolution
Klucz Usunięto : HKCU\Software\BabylonToolbar
Klucz Usunięto : HKCU\Software\BI
Klucz Usunięto : HKCU\Software\BrowserCompanion
Klucz Usunięto : HKCU\Software\DataMngr
Klucz Usunięto : HKCU\Software\DealPly
Klucz Usunięto : HKCU\Software\Default Tab
Klucz Usunięto : HKCU\Software\DownTango
Klucz Usunięto : HKCU\Software\FLEXnet
Klucz Usunięto : HKCU\Software\IGearSettings
Klucz Usunięto : HKCU\Software\IM
Klucz Usunięto : HKCU\Software\ImInstaller
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\lollipop
Klucz Usunięto : HKCU\Software\mysearchdial
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\wnlt
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\adawaretb
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\Software\BabylonToolbar
Klucz Usunięto : HKLM\Software\BrowserCompanion
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\DealPly
Klucz Usunięto : HKLM\Software\Default Tab
Klucz Usunięto : HKLM\Software\DownTango
Klucz Usunięto : HKLM\Software\InstallCore
Klucz Usunięto : HKLM\Software\Softonic
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\Toolbar Cleaner
Klucz Usunięto : HKLM\Software\Web Assistant
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Tarma Installer
Klucz Usunięto : [x64] HKLM\SOFTWARE\Web Assistant
Klucz Usunięto : [x64] HKLM\SOFTWARE\wnlt
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klucz Usunięto : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Klucz Usunięto : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Klucz Usunięto : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Klucz Usunięto : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v10.0.9200.16750

Ustawienie Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v12.0 (pl)

[ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ]

Wpis usunięty : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Wpis usunięty : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babExt", "");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.hardId", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlDay", "15442");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTab", true);
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110819&tt=290312_bexdll&babsrc=NT_ss&mntrId=2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:58:06");
Wpis usunięty : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Wpis usunięty : user_pref("extensions.softonic_i.aflt", "SD");
Wpis usunięty : user_pref("extensions.softonic_i.dfltLng", "pl");
Wpis usunięty : user_pref("extensions.softonic_i.dfltSrch", true);
Wpis usunięty : user_pref("extensions.softonic_i.dnsErr", true);
Wpis usunięty : user_pref("extensions.softonic_i.excTlbr", false);
Wpis usunięty : user_pref("extensions.softonic_i.hmpg", true);
Wpis usunięty : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=13&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.id", "2484ebdd000000000000742f68b7a266");
Wpis usunięty : user_pref("extensions.softonic_i.instlDay", "15418");
Wpis usunięty : user_pref("extensions.softonic_i.instlRef", "MON00085");
Wpis usunięty : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=2&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.newTab", true);
Wpis usunięty : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=15&cc=");
Wpis usunięty : user_pref("extensions.softonic_i.prdct", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.prtnrId", "softonic");
Wpis usunięty : user_pref("extensions.softonic_i.smplGrp", "eng7");
Wpis usunięty : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrId", "pl12JANdefault_chrome");
Wpis usunięty : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=1&cc=&q=");
Wpis usunięty : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Wpis usunięty : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.518:42:18");
Wpis usunięty : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Wpis usunięty : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}");
Wpis usunięty : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v

[ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [70228 octets] - [25/12/2013 01:44:31]
AdwCleaner[S0].txt - [63399 octets] - [25/12/2013 01:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [63460 octets] ##########
[/spoiler]
 
extras.txt 
[spoiler]OTL Extras logfile created on: 2013-12-25 16:31:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,91 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 24,11% Memory free
5,82 Gb Paging File | 3,27 Gb Available in Paging File | 56,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 62,11 Gb Free Space | 52,09% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system |
"{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system |
"{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system |
"{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe |
"{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system |
"{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe |
"{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe |
"{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe |
"{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe |
"{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe |
"TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe |
"TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe |
"TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe |
"TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe |
"TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin |
"TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe |
"TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe |
"TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe |
"TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe |
"TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe |
"UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe |
"UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin |
"UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe |
"UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe |
"UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe |
"UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe |
"UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe |
"UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety
"{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety
"{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety
"{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety
"{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety
"{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Opera 18.0.1284.68" = Opera Stable 18.0.1284.68
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Counter-Strike" = Counter-Strike
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Hoolapp For Android" = Hoolapp For Android
"lollipop" = Lollipop

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-10-06 13:31:49 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program stpass.exe w wersji 2.0.0.8 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: a9c Godzina rozpoczęcia: 01cec2b9af6e4ed3 Godzina zakończenia:
8 Ścieżka aplikacji: C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe

Identyfikator
raportu: 210bcd4a-2ead-11e3-9d17-742f68b7a266

Error - 2013-10-07 06:56:12 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 1cac Godzina rozpoczęcia: 01cec31507b9c177 Godzina zakończenia:
185 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator
raportu:

Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura
czasowa: 0x5235a54b Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000000000
Identyfikator
procesu powodującego błąd: 0x14c8 Godzina uruchomienia aplikacji powodującej błąd:
0x01cec33443b2cb7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266

Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura
czasowa: 0x506d9e00 Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514,
sygnatura czasowa: 0x4ce7b96f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00039342
Identyfikator
procesu powodującego błąd: 0x1100 Godzina uruchomienia aplikacji powodującej błąd:
0x01cec2b9b4e5f802 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
Ścieżka
modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266

Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x3208 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec3e653782f10 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
64f74c59-2fda-11e3-9d17-742f68b7a266

Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: ntdll.dll, wersja:
6.1.7601.18229, sygnatura czasowa: 0x51fb1072 Kod wyjątku: 0xc0000374 Przesunięcie
błędu: 0x000ce753 Identyfikator procesu powodującego błąd: 0x1570 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cec45876523323 Ścieżka aplikacji powodującej błąd:
C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe Ścieżka modułu
powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266

Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”.
Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana
przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x890 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4b98cf870eb Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
e2404db8-30af-11e3-9d17-742f68b7a266

Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x2b40 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4bcae0a52e8 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
da4b6b3f-30b0-11e3-9d17-742f68b7a266

Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x4494 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec4bd9f8384ef Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
2c6eed84-30b1-11e3-9d17-742f68b7a266

Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
sygnatura czasowa: 0x524cdedb Nazwa modułu powodującego błąd: lmrn.dll, wersja:
0.0.0.0, sygnatura czasowa: 0x5235a86d Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0001347e Identyfikator procesu powodującego błąd: 0x2638 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cec50931034633 Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll Identyfikator raportu:
2901b4eb-30ff-11e3-9d17-742f68b7a266

Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 2c90 Godzina rozpoczęcia: 01cec50bcb1467bc Godzina zakończenia:
605 Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe Identyfikator
raportu:

[ Media Center Events ]
Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:03
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem. 19:02:10
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:19
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem. 20:02:26
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:26
- Nie można skontaktować się z serwerem..

Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem. 21:06:33
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:17
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem. 17:06:25
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:35
- Nie można skontaktować się z serwerem..

Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem. 18:06:42
- Nie można skontaktować się z serwerem..

[ OSession Events ]
Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2013-12-25 11:21:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2013-12-25 11:21:28 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa udostępniania w sieci programu Windows Media Player
niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund
zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2013-12-25 11:21:28 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Instalator modułów systemu Windows niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca
czynność korekcyjna: Uruchom usługę ponownie.

Error - 2013-12-25 11:21:42 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2013-12-25 11:22:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7032
Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom
usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja
nie powiodła się przy następującym błędzie: %%1056.

Error - 2013-12-25 11:22:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa Spooler nie może zalogować się jako NT AUTHORITY\SYSTEM za
pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić
się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie
Microsoft Management Console (MMC).

Error - 2013-12-25 11:22:27 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Bufor wydruku z powodu następującego błędu:
%%1069

Error - 2013-12-25 11:25:34 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu:
%%2

Error - 2013-12-25 11:25:34 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można
uruchomić z powodu następującego błędu: %%2

Error - 2013-12-25 11:25:43 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: ATKWMIACPIIO


< End of report >
[/spoiler]
 
OTL.txt
[spoiler]OTL logfile created on: 2013-12-25 16:31:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,91 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 24,11% Memory free
5,82 Gb Paging File | 3,27 Gb Available in Paging File | 56,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 62,11 Gb Free Space | 52,09% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe
PRC - [2013-12-21 12:28:58 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\xulrunner\gghub.exe
PRC - [2013-12-21 12:28:57 | 004,047,424 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe
PRC - [2013-12-21 12:28:55 | 000,132,672 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\ggapp.exe
PRC - [2013-06-07 10:20:04 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Users\Dawid\AppData\Local\GG\Application\ggdrive\ggdrive.exe
PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-12-21 12:28:59 | 003,006,528 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\xulrunner\mozjs.dll
MOD - [2013-12-21 12:28:57 | 000,141,888 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\ggdrive\zlib1.dll
MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013-09-15 08:31:38 | 016,166,248 | ---- | M] () -- C:\Users\Dawid\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:[b]64bit:[/b] - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:[b]64bit:[/b] - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:[b]64bit:[/b] - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:[b]64bit:[/b] - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:[b]64bit:[/b] - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:[b]64bit:[/b] - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:[b]64bit:[/b] - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:[b]64bit:[/b] - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0ByB0AtByCyC0E0B0D0DtN0D0Tzu0SyDtAtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1649205658&ir=
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2484742F68B7A266&affID=119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=201112_1849_4712_8&babsrc=SP_ss&mntrId=2484ebdd000000000000742f68b7a266
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-PO&o=1738&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAU&apn_dtid=^YYYYYY^YY^PL&apn_uid=FF06798B-5D7D-4817-8A87-E338C65EEF6D&apn_sauid=D4135D9E-774F-497C-8851-E179BB5ABF54
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb203?a=6R8wRCAOLn&search={searchTerms}&i=26
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1DD03F0B-D85B-4A46-97D8-BE4642B405CC}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128

IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Toggle"
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "
FF - prefs.js..network.proxy.http_port: 4179
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions
[2013-12-25 16:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd ()
O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-12-25 16:27:04 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013-12-25 10:01:22 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013-12-25 09:56:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013-12-25 09:56:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013-12-25 09:56:25 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013-12-25 09:56:25 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-25 09:56:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013-12-25 09:56:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013-12-25 09:56:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-25 09:56:24 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-25 09:56:24 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-25 09:56:24 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013-12-25 09:56:24 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013-12-25 09:56:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013-12-25 09:56:24 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-25 09:56:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-25 09:56:24 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-25 09:56:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-25 09:56:24 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013-12-25 09:56:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-25 09:56:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-25 09:56:24 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-25 09:56:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-12-25 09:56:24 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013-12-25 09:56:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013-12-25 09:56:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013-12-25 09:56:24 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013-12-25 09:56:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013-12-25 09:56:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-12-25 09:56:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-12-25 09:56:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-25 09:56:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013-12-25 09:56:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013-12-25 09:56:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013-12-25 09:56:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013-12-25 09:56:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-25 09:56:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013-12-25 09:56:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013-12-25 09:56:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013-12-25 09:56:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-25 09:56:24 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013-12-25 09:56:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-25 09:56:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-12-25 09:56:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013-12-25 09:56:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013-12-25 09:56:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013-12-25 09:56:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-12-25 09:56:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013-12-25 09:56:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-25 09:56:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013-12-25 09:56:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013-12-25 09:56:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-25 09:56:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-25 09:56:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013-12-25 09:56:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013-12-25 09:56:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013-12-25 09:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013-12-25 09:56:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013-12-25 09:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-25 09:54:45 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-12-25 09:54:45 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-12-25 09:54:45 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-12-25 09:54:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-12-25 09:54:45 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-12-25 09:54:45 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-12-25 09:54:45 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-12-25 09:54:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-12-25 09:54:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-12-25 09:54:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-12-25 09:54:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-12-25 09:54:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-12-25 09:54:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-12-25 09:53:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-12-25 09:53:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III
[2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster
[2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher
[2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl
[2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon
[2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games
[2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM
[2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk
[2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords
[2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder
[2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-12-25 16:32:11 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-25 16:32:11 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-12-25 16:32:11 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-25 16:32:11 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-12-25 16:32:11 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-25 16:31:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 16:31:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 16:26:54 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-25 16:26:44 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job
[2013-12-25 16:25:45 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013-12-25 16:25:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-25 16:25:22 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-25 16:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-25 15:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job
[2013-12-25 15:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-25 09:56:34 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013-12-25 09:56:34 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013-12-25 09:56:25 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013-12-25 09:56:25 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-25 09:56:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013-12-25 09:56:25 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013-12-25 09:56:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-25 09:56:24 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-25 09:56:24 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-25 09:56:24 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013-12-25 09:56:24 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013-12-25 09:56:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013-12-25 09:56:24 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-25 09:56:24 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-25 09:56:24 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-25 09:56:24 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-25 09:56:24 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013-12-25 09:56:24 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-25 09:56:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-25 09:56:24 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-25 09:56:24 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-12-25 09:56:24 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013-12-25 09:56:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013-12-25 09:56:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013-12-25 09:56:24 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013-12-25 09:56:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013-12-25 09:56:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-12-25 09:56:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-12-25 09:56:24 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-25 09:56:24 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013-12-25 09:56:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013-12-25 09:56:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013-12-25 09:56:24 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013-12-25 09:56:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-25 09:56:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013-12-25 09:56:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013-12-25 09:56:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013-12-25 09:56:24 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-25 09:56:24 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013-12-25 09:56:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-25 09:56:24 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-12-25 09:56:24 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013-12-25 09:56:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013-12-25 09:56:24 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013-12-25 09:56:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-12-25 09:56:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013-12-25 09:56:24 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-25 09:56:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013-12-25 09:56:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013-12-25 09:56:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-25 09:56:24 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-25 09:56:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013-12-25 09:56:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013-12-25 09:56:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013-12-25 09:56:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013-12-25 09:56:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013-12-25 09:56:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-25 09:54:45 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-12-25 09:54:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-12-25 09:54:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-12-25 09:54:45 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-12-25 09:54:45 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-12-25 09:54:45 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-12-25 09:54:45 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-12-25 09:54:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-12-25 09:54:45 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-12-25 09:54:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-12-25 09:54:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-12-25 09:54:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-12-25 09:54:45 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-12-25 09:53:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-12-25 09:53:45 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-12-24 19:56:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job
[2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3
[2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3
[2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich .mp3
[2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat
[2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS
[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll
[2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft
[2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA
[2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus
[2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage
[2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity
[2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent
[2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon
[2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite
[2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder
[2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla
[2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10
[2013-12-25 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG
[2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter
[2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech
[2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient
[2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2
[2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance
[2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM
[2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera
[2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software
[2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin
[2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee
[2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer
[2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot
[2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony
[2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF
[2013-12-25 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client
[2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent
[2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
[/spoiler]
Natsuki Kuga
komentarz
komentarz

Wygląda na to, że przywracanie systemu wróciło i infekcję..

 

 

1. Wykonaj ten skrypt w OTL:


:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1649205658&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle...q={searchTerms}
IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://start.mysearc...=1649205658&ir=
IE - HKLM\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}: "URL" = http://search.softon...rchSource=4&cc=
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119357&tsp=4943
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://search.babylo...000742f68b7a266
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39771A76-9930-4A67-BB6E-356C379A020A}&mid=ca6c0940bafc47d08662a5662e534b95-03899f354e8ae5230da2d623634bca00e82f2831&lang=en&ds=ft011&pr=sa&d=2012-04-12 23:22:47&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}: "URL" = http://websearch.ask...51-E179BB5ABF54
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...archTerms}&i=26
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-BE4642B405CC}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\???????????????????: "URL" = http://search.toggle...q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "Toggle"
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..network.proxy.http: "127.0.0.1:3128 "
FF - prefs.js..network.proxy.http_port: 4179
O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [msg] C:\Windows\SysWOW64\hls13\start.cmd ()
O4 - HKLM..\Run: [msg2] E:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKLM..\Run: [msg3] F:\WINDOWS\system32\hls13\start.cmd File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Yontoo Desktop] "C:\Users\Dawid\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [Hoolapp Android] "C:\Users\Dawid\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found

Pokaż raport.

2. Użyj jeszcze raz AdwCleanera z opcji Usuń. Pokaż raport.

3. Pokaż nowe logi z OTL.
 

 

 

  • Dobra wypowiedź 1
Lov3las3K
komentarz
komentarz (edytowane)
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E58A8F-CB55-4A81-8DF9-01F337A0F570}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341BF229-9569-C1E9-9DC9-64139B9ED337}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D74B11-F200-455B-8B99-E63E22E77323}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "Toggle" removed from browser.search.defaultthis.engineName
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
Prefs.js: "127.0.0.1:3128 " removed from network.proxy.http
Prefs.js: 4179 removed from network.proxy.http_port
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg not found.
File C:\Windows\SysWOW64\hls13\start.cmd not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg2 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msg3 not found.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android not found.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop not found.
Registry value HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 12262013_012954

 

 

 

 

Raport z AdwCleaner : 

 

 

 

# AdwCleaner v3.016 - Log utworzony 26/12/2013 o 01:40:09
# Aktualizacja 23/12/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Dawid - DAWID-KOMPUTER
# Ścieżka : C:\Users\Dawid\Downloads\adwcleaner.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v12.0 (pl)
 
[ Plik : C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\i10f7vfv.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ Plik : C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [70228 octets] - [25/12/2013 01:44:31]
AdwCleaner[R1].txt - [1025 octets] - [26/12/2013 01:39:14]
AdwCleaner[S0].txt - [63853 octets] - [25/12/2013 01:45:44]
AdwCleaner[S1].txt - [945 octets] - [26/12/2013 01:40:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1004 octets] ##########

OTL.txt 

 

 

 

OTL logfile created on: 2013-12-26 01:46:59 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,93% Memory free
5,82 Gb Paging File | 3,93 Gb Available in Paging File | 67,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 61,72 Gb Free Space | 51,76% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS
 
Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-12-22 13:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe
PRC - [2013-12-12 10:15:39 | 001,392,480 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
PRC - [2013-12-12 10:15:38 | 043,706,208 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
PRC - [2013-05-09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-12-12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-12-12 19:18:16 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013-12-12 10:15:41 | 000,886,624 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\libGLESv2.dll
MOD - [2013-12-12 10:15:41 | 000,108,896 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\libEGL.dll
MOD - [2013-12-12 10:15:40 | 000,879,968 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll
MOD - [2013-12-12 10:15:39 | 001,392,480 | ---- | M] () -- C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
MOD - [2012-11-29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013-05-09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013-12-22 17:32:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-12-12 19:18:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-09-05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011-03-13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-07-28 10:00:43 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-07-28 10:00:43 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-07-28 10:00:43 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-07-15 19:14:30 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013-07-14 22:59:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-05-09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-05-09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-05-09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-05-09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-05-09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-05-09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013-02-22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012-03-19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-06-02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-06-02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-04-12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011-03-13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-03-13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-03-13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-03-13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-03-13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-03-13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-03-13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-09-23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010-07-01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010-01-21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010-01-21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010-01-21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-02-12 02:59:18 | 000,297,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2008-02-05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{341BF229-9569-C1E9-9DC9-64139B9ED337}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = 
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\..\SearchScopes\㍻䑂㘵㝆ⴴ㝄䐱㐭䈶ⵆ㠹䈳ㄭ㘳㘵㉅〰㑁紸: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms}
IE - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..network.proxy.http: "127.0.0.1:3128  "
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 
FF - prefs.js..browser.startup.homepage: 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawid\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-01-28 13:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions
[2013-12-25 16:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\i10f7vfv.default\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawid\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: AdBlock = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dc1d12ec-e09e-4575-8874-98f7f0d9cc4b.exe (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\Run: [uTorrent] "C:\Users\Dawid\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001..\Run: [GG] C:\Users\Dawid\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\install\server.exe
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1102B127-D699-4E07-97ED-EB4650F0EE23}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C876BCE-1978-4F17-87A5-C4BF2A793D67}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A62BA9-C5B7-4DA2-98D4-FFD92D93775F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{05fc8724-a594-11e1-8762-742f68b7a266}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eac-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{33b43eba-3d91-11e2-8c5e-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f51df0-3f4e-11e1-87a2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell - "" = AutoRun
O33 - MountPoints2\{78033bda-3e02-11e1-8d36-5404a6143be0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5b8907-3df8-11e1-8ded-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{8a8d407c-3603-11e2-84de-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672011-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell - "" = AutoRun
O33 - MountPoints2\{b2672014-4a99-11e1-8298-742f68b7a266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-12-26 01:43:02 | 000,000,000 | R--D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013-12-25 10:01:22 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013-12-25 09:56:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013-12-25 09:56:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013-12-25 09:56:25 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013-12-25 09:56:25 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-25 09:56:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013-12-25 09:56:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013-12-25 09:56:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-25 09:56:24 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-25 09:56:24 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-25 09:56:24 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013-12-25 09:56:24 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013-12-25 09:56:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013-12-25 09:56:24 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-25 09:56:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-25 09:56:24 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-25 09:56:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-25 09:56:24 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013-12-25 09:56:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013-12-25 09:56:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-25 09:56:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-25 09:56:24 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-25 09:56:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-12-25 09:56:24 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013-12-25 09:56:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013-12-25 09:56:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013-12-25 09:56:24 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013-12-25 09:56:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013-12-25 09:56:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-12-25 09:56:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-12-25 09:56:24 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-25 09:56:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013-12-25 09:56:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013-12-25 09:56:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013-12-25 09:56:24 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013-12-25 09:56:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-25 09:56:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013-12-25 09:56:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013-12-25 09:56:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013-12-25 09:56:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-25 09:56:24 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013-12-25 09:56:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-25 09:56:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-12-25 09:56:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013-12-25 09:56:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013-12-25 09:56:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013-12-25 09:56:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-12-25 09:56:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013-12-25 09:56:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013-12-25 09:56:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-25 09:56:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013-12-25 09:56:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013-12-25 09:56:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-25 09:56:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-25 09:56:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013-12-25 09:56:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013-12-25 09:56:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013-12-25 09:56:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013-12-25 09:56:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013-12-25 09:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-25 09:54:45 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-12-25 09:54:45 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-12-25 09:54:45 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-12-25 09:54:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-12-25 09:54:45 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-12-25 09:54:45 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-12-25 09:54:45 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-12-25 09:54:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-12-25 09:54:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-12-25 09:54:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-12-25 09:54:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-12-25 09:54:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-12-25 09:54:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-12-25 09:53:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-12-25 09:53:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-12-25 01:44:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-12-22 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Assassin's Creed III
[2013-12-22 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013-12-22 14:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-20 07:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\PunkBuster
[2013-12-19 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Local\Ubisoft Game Launcher
[2013-12-19 20:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-12-15 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Invoria.pl
[2013-12-13 06:34:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-13 06:34:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-13 06:34:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-13 06:34:33 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-13 06:34:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-13 06:34:32 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-13 06:34:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-13 06:34:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-13 06:34:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-01 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Dreikon
[2013-11-29 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\My Games
[2013-11-29 22:53:55 | 000,000,000 | RH-D | C] -- C:\Users\Dawid\AppData\Roaming\SecuROM
[2013-11-29 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013-11-29 22:12:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013-11-29 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013-11-27 08:00:31 | 000,000,000 | --SD | C] -- C:\Users\Dawid\GG dysk
[2013-11-27 07:57:53 | 000,000,000 | --SD | C] -- C:\Users\Dawid\Documents\Chica Passwords
[2013-11-27 07:57:42 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Documents\Bluetooth Folder
[2013-07-16 22:56:31 | 012,212,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WMFDist11-WindowsXP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013-12-26 01:49:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-26 01:49:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-26 01:42:36 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013-12-26 01:42:15 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-26 01:42:01 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{1929C7D9-EE2A-478F-A5AA-4A3BF2C0A688}.job
[2013-12-26 01:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-26 01:41:36 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-26 01:11:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-26 00:56:56 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001UA.job
[2013-12-26 00:55:26 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-25 20:57:16 | 001,153,260 | ---- | M] () -- C:\Users\Dawid\Desktop\logi.png
[2013-12-25 19:56:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595852630-21996747-1513789104-1001Core.job
[2013-12-25 16:32:11 | 001,702,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-25 16:32:11 | 000,754,480 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-12-25 16:32:11 | 000,667,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-25 16:32:11 | 000,160,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-12-25 16:32:11 | 000,126,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-25 09:56:34 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013-12-25 09:56:34 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013-12-25 09:56:25 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013-12-25 09:56:25 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-25 09:56:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013-12-25 09:56:25 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013-12-25 09:56:25 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-25 09:56:24 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-25 09:56:24 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-25 09:56:24 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013-12-25 09:56:24 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013-12-25 09:56:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013-12-25 09:56:24 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-25 09:56:24 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-12-25 09:56:24 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-25 09:56:24 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-25 09:56:24 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013-12-25 09:56:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013-12-25 09:56:24 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-12-25 09:56:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-25 09:56:24 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-25 09:56:24 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-12-25 09:56:24 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013-12-25 09:56:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013-12-25 09:56:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013-12-25 09:56:24 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013-12-25 09:56:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013-12-25 09:56:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-12-25 09:56:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-12-25 09:56:24 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-25 09:56:24 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013-12-25 09:56:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013-12-25 09:56:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013-12-25 09:56:24 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013-12-25 09:56:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013-12-25 09:56:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-25 09:56:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013-12-25 09:56:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013-12-25 09:56:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013-12-25 09:56:24 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-25 09:56:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013-12-25 09:56:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-12-25 09:56:24 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013-12-25 09:56:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-12-25 09:56:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-12-25 09:56:24 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-12-25 09:56:24 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013-12-25 09:56:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013-12-25 09:56:24 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013-12-25 09:56:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013-12-25 09:56:24 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-12-25 09:56:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013-12-25 09:56:24 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013-12-25 09:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013-12-25 09:56:24 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-12-25 09:56:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013-12-25 09:56:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013-12-25 09:56:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-25 09:56:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013-12-25 09:56:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013-12-25 09:56:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-25 09:56:24 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-12-25 09:56:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013-12-25 09:56:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-12-25 09:56:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013-12-25 09:56:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013-12-25 09:56:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013-12-25 09:56:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013-12-25 09:56:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-25 09:54:45 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-12-25 09:54:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-12-25 09:54:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-12-25 09:54:45 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-12-25 09:54:45 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-12-25 09:54:45 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-12-25 09:54:45 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-12-25 09:54:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-12-25 09:54:45 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-12-25 09:54:45 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-12-25 09:54:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-12-25 09:54:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-12-25 09:54:45 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-12-25 09:53:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013-12-25 09:53:45 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013-12-22 22:42:39 | 002,399,884 | ---- | M] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-22 22:42:39 | 000,017,044 | ---- | M] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 17:32:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-22 17:32:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-22 17:32:47 | 000,001,161 | ---- | M] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-20 16:04:56 | 000,022,341 | ---- | M] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 13:28:08 | 000,000,078 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-12-16 03:28:48 | 000,613,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-15 15:50:08 | 034,698,181 | ---- | M] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-12 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-12 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-12-07 14:13:38 | 000,000,017 | ---- | M] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-11-29 22:32:25 | 000,002,470 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
 
========== Files Created - No Company Name ==========
 
[2013-12-25 20:57:15 | 001,153,260 | ---- | C] () -- C:\Users\Dawid\Desktop\logi.png
[2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-12-25 09:56:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-12-22 22:42:39 | 000,017,044 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel
[2013-12-22 22:42:16 | 002,399,884 | ---- | C] () -- C:\Users\Dawid\Desktop\DSC05443.png
[2013-12-20 16:04:30 | 000,022,341 | ---- | C] () -- C:\Users\Dawid\Desktop\Mikołaj.jpg
[2013-12-20 07:35:51 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-12-19 20:08:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-12-19 20:08:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-12-19 20:08:47 | 000,001,161 | ---- | C] () -- C:\Users\Dawid\Desktop\Uplay.lnk
[2013-12-15 15:32:23 | 034,698,181 | ---- | C] () -- C:\Users\Dawid\Desktop\Dreikon.rar
[2013-12-07 14:13:38 | 000,000,017 | ---- | C] () -- C:\Users\Dawid\AppData\Local\resmon.resmoncfg
[2013-12-03 18:59:14 | 004,463,929 | ---- | C] () -- C:\Users\Dawid\Desktop\Jessica Sutta - Show Me (Roma Pafos Extended Remix).mp3
[2013-12-03 18:59:05 | 003,493,237 | ---- | C] () -- C:\Users\Dawid\Desktop\Linkin Park - Numb ( Novik Bootleg ).mp3
[2013-12-03 18:58:50 | 003,512,978 | ---- | C] () -- C:\Users\Dawid\Desktop\Urbanize - Warten auf dich   .mp3
[2013-11-29 22:32:25 | 000,002,470 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013-09-14 00:52:24 | 000,000,078 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\WB.CFG
[2013-07-16 22:56:31 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2013-07-16 22:56:31 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-dead-island.bat
[2012-11-12 20:33:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012-07-09 18:38:41 | 000,000,338 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\Taxi4.MCS
[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-11 06:14:37 | 000,060,397 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\SQLite3.dll
[2012-06-07 20:46:22 | 001,682,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-01 12:03:13 | 000,003,584 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-18 18:59:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-04-01 10:21:01 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2006-07-17 18:54:10 | 002,920,804 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\logs.dat
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-06-08 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft
[2012-05-21 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\3DFA
[2012-12-18 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ad-Aware Antivirus
[2012-01-09 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ASUS WebStorage
[2013-04-25 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Audacity
[2013-11-25 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitTorrent
[2013-05-20 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Canon
[2013-08-09 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite
[2012-04-20 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Easy MP3 Recorder
[2013-04-02 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FileZilla
[2012-08-20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10
[2013-12-26 01:45:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GG
[2013-03-23 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\IVONA ControlCenter
[2013-07-29 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech
[2013-02-12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient
[2012-05-31 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\LolClient2
[2012-01-09 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nuance
[2012-02-12 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM
[2012-03-27 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera
[2013-08-08 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera Software
[2013-07-29 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin
[2013-08-10 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Screaming Bee
[2012-07-06 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Secure-Soft Stealer
[2012-03-31 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot
[2012-05-17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony
[2012-04-12 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SumatraPDF
[2013-12-26 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client
[2013-11-25 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent
[2012-01-09 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
 
 
 
 
 
 
 
 

Extras.txt 

 

 

OTL Extras logfile created on: 2013-12-26 01:46:59 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dawid\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,93% Memory free
5,82 Gb Paging File | 3,93 Gb Available in Paging File | 67,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 61,72 Gb Free Space | 51,76% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 123,07 Gb Free Space | 79,99% Space Free | Partition Type: NTFS
 
Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CCF656-F454-45EB-B5A9-4783B732C493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E9CB1D5-A824-4DAD-8CF2-3AC33A56D4C3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1962D6C0-BCBA-4A8D-B873-DF3456BD95BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A6604B8-D995-4A68-8A1F-C48C74C204C9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1B18D550-F062-46C0-BD2B-3BF77C15B890}" = rport=139 | protocol=6 | dir=out | app=system | 
"{25D40E5F-73DF-41E9-BC8E-FF607E54FBD5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{28134BE5-DD5E-4679-BA12-9B3B08ADE984}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C4AA212-4A18-450D-8FBF-2A6052E4A7BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{45993E0E-4048-4EE2-BA56-82A3F2AF03B4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4664F37F-1F3E-4729-9525-81A1AED2C27C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5753CECF-748B-48DB-A50E-C4EB95807C31}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A1CD9C1-88B4-4570-82DE-B611379E5AFE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5BE6F439-4176-4880-8A23-735412D0B910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7211957F-4EBF-48BA-BDD6-9E043BBDA293}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72A5D9F0-FBA6-47DF-9447-8D67662F047D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{865C00D9-4F28-4A68-BF75-35779EE0ACE0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8FF324DD-819B-4418-88B9-317BCAA4B4E8}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{9590CB97-06AC-40DE-8D30-41F1232D2E18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9674B818-D608-4853-B369-6A621F980426}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B1A26225-A988-47C8-BAC9-2D453E110604}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B5F5B0F7-89F5-4F4D-8550-926B57AA30C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B61F882C-89B9-43E9-801B-13320050CAB2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B863F17A-1905-47E1-A7EA-A84A70835F69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BCD784B4-3100-4AED-8E26-81D87A5AEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CA099387-7BEB-4583-B662-DD93A274E2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{CE2798D9-85C2-4901-B499-66381A8A17B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEAD67C1-07DE-4FC0-947E-AEA2602ED2DB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4BCA6DA-06A7-4D0F-85CD-143789058C49}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D83DA242-70FB-40EF-A0EE-3EA9B81498B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E007F3DC-05EB-48AE-B1E1-B2359904CF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E027C1D7-10CA-48A1-A3C6-2D6749D84090}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ECCD325F-A986-4D07-9801-C179451999DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FF0E14E4-C858-4882-BB0F-5B5456352724}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C042C28-F829-487E-8284-C76CD40091F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0E74FD0D-C234-40C7-9AC5-77903587C26A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{1375F035-A86D-41EB-B738-6344C79FDDCB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1BDFCC51-9592-4566-89BA-0A3F5333D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{1D70B460-D6F3-47BF-BCC1-8F9B824D470D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{256D755D-AF10-4322-AB24-D3069791D614}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{2BAF689A-9BF2-4017-AA81-A5DFDC0D0D16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2BB70A1A-0782-403B-951B-980D9ACF7AD8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{2DD0D191-8460-483E-81E9-B2613D1E207B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{2ED6D817-3772-4E36-A362-A4E858B72962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32D9D735-D44C-4F84-9CE6-659F08008ACB}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | 
"{36B1AE81-B6B3-4174-9832-092D0544427B}" = protocol=6 | dir=out | app=system | 
"{36B80DC6-2CB0-41AD-A82F-F91700A09608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{45F00BA3-CBF6-415F-8896-55FAD4D382FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{46817032-37EE-43B3-83BE-B86FB553489A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{48A73102-9441-456F-9B2E-1C1AAAF2C91F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4944CF15-1E6F-42A5-921A-DC9ACEA0600C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{4D5EFFB8-AE84-4590-9305-B92D6B956E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{500F8200-ADE1-42C2-93FE-B7F21B4CD1F1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{551C25D9-C9B6-436E-98C0-7E426776380C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55257465-D9D1-45A9-A4CA-8A5681581232}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{57529D93-9EAE-4D7D-A1C3-8DCD29AAAF53}" = protocol=17 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | 
"{5FE6FC3D-DB21-4978-A0C9-28D24F685216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{685D3A30-A444-4618-99FE-B0E2986160B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6A3B6430-303A-4F3F-9A6B-E4CA0CC9A3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BAFD590-0A29-4337-AA3B-3C8819966B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6FCC56A9-F417-41C4-92A2-FC8350E430C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{752FF1F1-3400-49D6-BE6D-30FE029F2186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BF533DB-16D1-491C-A87D-BD1FC37E578C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81C0B559-34F8-4A43-8D68-DAFCB53F3696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82919574-4D5D-4402-A23A-2C23819BB942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{85A48B7D-7FCA-467B-8BB8-5B6CE850F190}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A73CDAB8-24D3-4E9B-B2CA-0008BB279D54}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A8FF269E-C494-4A4B-9A62-B5E41F5FBB48}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | 
"{ABBF278C-33A9-4D49-B840-5A6EF7877581}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B1DE0E02-CDDC-4898-8288-A6B730DE8AAA}" = protocol=6 | dir=in | app=d:\assassin's creed iii\assassinscreed3.exe | 
"{B290C5CA-9727-4A2E-8C35-2538850F1C81}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B3D475A8-F9D8-4445-B242-A8CCEA8460C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B4DF897F-DD1E-46CF-ACD3-B750EBE9D5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BEECF15A-6E72-4646-9CD4-56D9EB71BA8C}" = protocol=17 | dir=in | app=d:\assassin's creed iii\ac3mp.exe | 
"{C992FCA8-EB4B-49F7-85B3-166E5346D498}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{CB487110-CC9B-473A-8588-7ABC3FCC6F9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CBC0BD40-A3BD-4673-9B79-CE2EE4F96FFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CF3F5077-E123-4DE3-8190-BAAAE8F829E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D2C7E761-8F9C-476E-BFDA-9709433B31F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D7EC7685-94CD-422D-89FF-CA1A8C6BEF8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E23345DB-180D-472D-9EE9-2114CE65C921}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E28ED5A9-9CD9-4DA6-A5E1-9CE18E446031}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E41C9D40-0D47-4405-8D23-E3271C9AD3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E8F9EE5B-B3B1-402E-A340-7DDF5AE4C9C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{F3CE638A-988C-40B1-8D86-50798D3514B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B11D44-1403-4FC5-9829-1C233D5614CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8D9CC58-8A85-41A4-B34A-195D279FDC1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F8FF9840-6318-463B-983F-2F80F23C30F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{FA9BDAE7-0D7F-420E-A480-73959293C4E4}" = protocol=6 | dir=in | app=d:\assassin's creed iii\ac3sp.exe | 
"TCP Query User{06E40FD2-013B-4AA3-BABD-05E2E1A7E359}C:\windows\asscrpro.exe" = protocol=6 | dir=in | app=c:\windows\asscrpro.exe | 
"TCP Query User{09A7B093-2DE3-401C-B458-6F2BDC96F82C}C:\users\dawid\downloads\restia\restia.exe" = protocol=6 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | 
"TCP Query User{4581C97D-5F56-43A7-915F-A7099302DFB2}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | 
"TCP Query User{4C063DFE-B9EA-4212-BD14-AECB298A587A}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | 
"TCP Query User{5351C412-A5EF-441A-B3DE-7B5BDAA412CB}F:\glador client\metin2.bin" = protocol=6 | dir=in | app=f:\glador client\metin2.bin | 
"TCP Query User{7555110D-329E-42FB-8A39-A6FF309CF8FF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{93216131-4F09-407C-835B-A489E0E29491}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | 
"TCP Query User{BA88D662-C411-4C6F-A760-872A459200DC}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=6 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | 
"TCP Query User{C10868C7-338C-4C3F-91AF-7018FF9FB134}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | 
"TCP Query User{E1B34BEA-5EB4-4F5F-982F-825F168CC824}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | 
"TCP Query User{F6156918-A7B6-4519-A505-34150A6ADA95}F:\cs\hl.exe" = protocol=6 | dir=in | app=f:\cs\hl.exe | 
"UDP Query User{0CC5AC93-2C99-4CDB-A7BD-F1A7575C25FD}C:\program files (x86)\cyberlink\power2go\clmlsvc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\power2go\clmlsvc.exe | 
"UDP Query User{0DEEC690-3A46-4B24-AD3D-566F4C26A282}C:\users\dawid\desktop\triador.pl - kopia\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl - kopia\triador.exe | 
"UDP Query User{12F5DEB4-AF67-4B47-9DAD-84DC25C74A4C}F:\glador client\metin2.bin" = protocol=17 | dir=in | app=f:\glador client\metin2.bin | 
"UDP Query User{20610B56-55B4-4AE1-9707-F59E939FF6BE}C:\users\dawid\desktop\triador.pl\triador.exe" = protocol=17 | dir=in | app=c:\users\dawid\desktop\triador.pl\triador.exe | 
"UDP Query User{3E0884E7-E423-4BF8-B012-28171F5F99D3}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | 
"UDP Query User{878AE2EA-83BA-4EE4-A818-59184EC6677E}F:\cs\hl.exe" = protocol=17 | dir=in | app=f:\cs\hl.exe | 
"UDP Query User{88E3E315-CC5F-45D3-B26B-DF3897C9BC63}C:\windows\asscrpro.exe" = protocol=17 | dir=in | app=c:\windows\asscrpro.exe | 
"UDP Query User{BE9D4F07-F2CD-4A5C-AB0C-A3E34FD87CF3}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\sonic focus\sonicfocustray.exe | 
"UDP Query User{C885ED93-8240-4462-9078-B59C9D2D8951}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{D17A455C-1B12-4820-98D1-430C950D895D}C:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe | 
"UDP Query User{EB65083D-AD30-42B9-891C-C2DA0012469A}C:\users\dawid\downloads\restia\restia.exe" = protocol=17 | dir=in | app=c:\users\dawid\downloads\restia\restia.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0437C01E-70D6-489B-B504-952F59912A72}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4827A9B4-FC4C-4BA9-9EFB-10CF703E7C3A}" = Windows Live Family Safety
"{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{65EDA937-3C7B-4009-99A1-795FD3FBECF5}" = Windows Live Family Safety
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{701D8EE6-6A5A-4509-9740-35F551193CE0}" = Windows Live Family Safety
"{76BB831E-D059-449A-AFDE-2A677E45DF18}" = Windows Live Family Safety
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A6752BB4-C571-4F3B-9A47-97405068DE0B}" = Windows Live Family Safety
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{BD864ECC-620D-4240-AB9A-B5F7340E337C}" = Windows Live Family Safety
"{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety
"{C933FB4A-CFC0-4DDD-8FB1-A437B6C58B34}" = Windows Live Family Safety
"{CB5FBF73-7CE7-481C-8598-8D4C34705C23}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D157C6E7-5847-4FD1-BEDC-7389493874F6}" = Windows Live Remote Service Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E10CB758-D5FD-4A2D-A1C9-459D6BB0C035}" = Windows Live Remote Client Resources
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047377C9-C74B-4345-82E8-03BAE5DF2C32}" = Windows Live Writer
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A093C39-CBB3-4142-B93F-562F176B6305}" = Windows Live Mesh
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B80A0FD-755A-4796-BFB0-A7B07366F33A}" = Windows Live Mail
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1168ECF1-2932-4E86-BC83-560C256C8022}" = Windows Live Photo Common
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1BCF995D-78B8-4883-BC8E-D7A32BB463DA}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}" = Windows Live Mesh ActiveX-i juhtelement kaugühendustele
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D7CF073-6583-464A-84D4-F86DE59DCA42}" = MorphVOX Pro
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{826A9D28-CAB2-4950-8AAA-B639DCA444CE}" = Windows Live UX Platform Language Pack
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D33ECF4-1A77-4674-ABAE-DFF978C5BC0A}" = Windows Live Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFCE1F8-8ADB-40F2-BED7-7728BED00EC0}" = Windows Live Essentials
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1038-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DEE8F5-29D4-4A5E-823B-4A7850C5E53D}" = Windows Live'i fotogalerii
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A4E5F3-9ACD-412E-B380-F838DF9787B9}" = Windows Live Writer Resources
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Opera 18.0.1284.68" = Opera Stable 18.0.1284.68
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Counter-Strike" = Counter-Strike
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Hoolapp For Android" = Hoolapp For Android
"lollipop" = Lollipop
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3595852630-21996747-1513789104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Media Player" = FoxTab Media Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"FoxTab PDF Reader" = FoxTab PDF Reader
"GG" = GG
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: dmwu.exe, wersja: 4.0.7.3, sygnatura
 czasowa: 0x5235a54b  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
 czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x0000000000000000
Identyfikator
 procesu powodującego błąd: 0x14c8  Godzina uruchomienia aplikacji powodującej błąd:
 0x01cec33443b2cb7d  Ścieżka aplikacji powodującej błąd: C:\Windows\system32\dmwu.exe
Ścieżka
 modułu powodującego błąd: unknown  Identyfikator raportu: c6c2321f-2f9e-11e3-9d17-742f68b7a266
 
Error - 2013-10-07 18:21:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: SweetIM.exe, wersja: 3.7.0.7, sygnatura
 czasowa: 0x506d9e00  Nazwa modułu powodującego błąd: ole32.DLL, wersja: 6.1.7601.17514,
 sygnatura czasowa: 0x4ce7b96f  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x00039342
Identyfikator
 procesu powodującego błąd: 0x1100  Godzina uruchomienia aplikacji powodującej błąd:
 0x01cec2b9b4e5f802  Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\syswow64\ole32.DLL  Identyfikator raportu: c6a802fc-2f9e-11e3-9d17-742f68b7a266
 
Error - 2013-10-08 01:28:00 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: lmrn.dll, wersja: 
0.0.0.0, sygnatura czasowa: 0x5235a86d  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x0001347e  Identyfikator procesu powodującego błąd: 0x3208  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cec3e653782f10  Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll  Identyfikator raportu:
 64f74c59-2fda-11e3-9d17-742f68b7a266
 
Error - 2013-10-08 15:55:14 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7601.18229, sygnatura czasowa: 0x51fb1072  Kod wyjątku: 0xc0000374  Przesunięcie
 błędu: 0x000ce753  Identyfikator procesu powodującego błąd: 0x1570  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cec45876523323  Ścieżka aplikacji powodującej błąd:
 C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe  Ścieżka modułu
 powodującego błąd: C:\Windows\SysWOW64\ntdll.dll  Identyfikator raportu: 8befce34-3053-11e3-9d17-742f68b7a266
 
Error - 2013-10-09 02:01:17 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2013-10-09 02:56:13 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: lmrn.dll, wersja: 
0.0.0.0, sygnatura czasowa: 0x5235a86d  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x0001347e  Identyfikator procesu powodującego błąd: 0x890  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cec4b98cf870eb  Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll  Identyfikator raportu:
 e2404db8-30af-11e3-9d17-742f68b7a266
 
Error - 2013-10-09 03:03:09 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: lmrn.dll, wersja: 
0.0.0.0, sygnatura czasowa: 0x5235a86d  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x0001347e  Identyfikator procesu powodującego błąd: 0x2b40  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cec4bcae0a52e8  Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll  Identyfikator raportu:
 da4b6b3f-30b0-11e3-9d17-742f68b7a266
 
Error - 2013-10-09 03:05:27 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: lmrn.dll, wersja: 
0.0.0.0, sygnatura czasowa: 0x5235a86d  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x0001347e  Identyfikator procesu powodującego błąd: 0x4494  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cec4bd9f8384ef  Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll  Identyfikator raportu:
 2c6eed84-30b1-11e3-9d17-742f68b7a266
 
Error - 2013-10-09 12:23:42 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 30.0.1599.69,
 sygnatura czasowa: 0x524cdedb  Nazwa modułu powodującego błąd: lmrn.dll, wersja: 
0.0.0.0, sygnatura czasowa: 0x5235a86d  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x0001347e  Identyfikator procesu powodującego błąd: 0x2638  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cec50931034633  Ścieżka aplikacji powodującej błąd: C:\Users\Dawid\AppData\Local\Google\Chrome\Application\chrome.exe
Ścieżka
 modułu powodującego błąd: C:\Windows\SysWOW64\jmdp\lmrn.dll  Identyfikator raportu:
 2901b4eb-30ff-11e3-9d17-742f68b7a266
 
Error - 2013-10-09 15:34:52 | Computer Name = Dawid-Komputer | Source = Application Hang | ID = 1002
Description = Program Argentus.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: 2c90    Godzina rozpoczęcia: 01cec50bcb1467bc    Godzina zakończenia:
 605    Ścieżka aplikacji: C:\Users\Dawid\Desktop\Argentu\Argentus.exe    Identyfikator 
raportu:   
 
Error - 2013-10-10 10:27:35 | Computer Name = Dawid-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: adawarebp.exe, wersja: 1.0.1.82,
 sygnatura czasowa: 0x50aa8d2b  Nazwa modułu powodującego błąd: netprofm.dll, wersja:
 6.1.7600.16385, sygnatura czasowa: 0x4a5bda75  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x00002505  Identyfikator procesu powodującego błąd: 0x110c  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cec2b9b553c56d  Ścieżka aplikacji powodującej błąd:
 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe  Ścieżka modułu powodującego
 błąd: C:\Windows\System32\netprofm.dll  Identyfikator raportu: 1b1ad432-31b8-11e3-9d17-742f68b7a266
 
Error - 2013-10-10 13:58:03 | Computer Name = Dawid-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Dawid\Downloads\SoftonicDownloader_dla_windows-xp-service-pack.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 2012-07-23 13:02:03 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:03 - Błąd podczas nawiązywania połączenia z Internetem.  19:02:03
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-07-23 13:02:12 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 19:02:10 - Błąd podczas nawiązywania połączenia z Internetem.  19:02:10
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-07-23 14:02:19 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:19 - Błąd podczas nawiązywania połączenia z Internetem.  20:02:19
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-07-23 14:02:27 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 20:02:26 - Błąd podczas nawiązywania połączenia z Internetem.  20:02:26
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-07-23 15:06:26 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:26 - Błąd podczas nawiązywania połączenia z Internetem.  21:06:26
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-07-23 15:06:34 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 21:06:33 - Błąd podczas nawiązywania połączenia z Internetem.  21:06:33
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-08-01 11:06:17 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:17 - Błąd podczas nawiązywania połączenia z Internetem.  17:06:17
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-08-01 11:06:28 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 17:06:25 - Błąd podczas nawiązywania połączenia z Internetem.  17:06:25
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-08-01 12:06:35 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:35 - Błąd podczas nawiązywania połączenia z Internetem.  18:06:35
 -     Nie można skontaktować się z serwerem..  
 
Error - 2012-08-01 12:06:43 | Computer Name = Dawid-Komputer | Source = MCUpdate | ID = 0
Description = 18:06:42 - Błąd podczas nawiązywania połączenia z Internetem.  18:06:42
 -     Nie można skontaktować się z serwerem..  
 
[ OSession Events ]
Error - 2013-11-19 15:08:53 | Computer Name = Dawid-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 362
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa HWDeviceService64.exe niespodziewanie zakończyła pracę. Wystąpiło
 to razy: 1.
 
Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Atheros Bt&Wlan Coex Agent niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1.
 
Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca
 czynność korekcyjna: Uruchom usługę ponownie.
 
Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1.
 
Error - 2013-12-25 20:40:10 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło 
to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna:
 Uruchom usługę ponownie.
 
Error - 2013-12-25 20:40:11 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to
 razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
 Uruchom usługę ponownie.
 
Error - 2013-12-25 20:40:12 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa udostępniania w sieci programu Windows Media Player 
niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund
 zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error - 2013-12-25 20:41:53 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASMMAP64 z powodu następującego błędu: 
  %%2
 
Error - 2013-12-25 20:41:53 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa ATKGFNEX Service zależy od usługi ASMMAP64, której nie można
 uruchomić z powodu następującego błędu:   %%2
 
Error - 2013-12-25 20:42:35 | Computer Name = Dawid-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego 
lub systemowego:   ATKWMIACPIIO
 
 
< End of report >
Lov3las3K
komentarz
komentarz

ref ? 

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.