Skocz do zawartości


Logi - Kontrolne sprawdzenie

  • Zamknięty Temat jest zamknięty
7 odpowiedzi w tym temacie

#1 boruurob



  • 4 postów

Napisano 05 11 2012 - 01:46

Po pierwsze nie poradzilem sobie z kasperskim:

Information about applications and operating system components in which vulnerabilities have been detected.

C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\Java\jre7\bin\java.exe

Information about vulnerabilities associated with the settings of installed applications and the operating system.

"Microsoft Internet Explorer - disable caching data received via protected channel"

Po drugie log z OTL:
OTL logfile created on: 11/4/2012 11:35:15 PM - Run 1
OTL by OldTimer - Version	 Folder = C:\Users\mirra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7.48 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 76.61% Memory free
14.96 Gb Paging File | 11.82 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 207.48 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Drive D: | 404.75 Gb Total Space | 149.77 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: MIRRA-LAPTOP | User Name: mirra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/02 11:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mirra\Downloads\OTL.exe
PRC - [2012/10/28 19:11:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 08:23:41 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/08/01 08:44:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 21:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/08 09:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 09:05:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/15 14:12:58 | 002,158,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
PRC - [2011/06/15 13:14:06 | 007,057,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
PRC - [2011/06/06 08:09:00 | 003,870,112 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
PRC - [2011/06/04 09:18:22 | 002,213,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
PRC - [2011/04/14 12:38:50 | 000,727,120 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
PRC - [2011/04/14 08:15:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/29 05:15:54 | 004,399,696 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/02/16 17:03:20 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
PRC - [2011/01/11 23:42:50 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2005/03/31 10:18:49 | 000,790,528 | ---- | M] ( -- C:\Program Files (x86)\Gadu-Gadu\gg.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/10/28 19:11:42 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 08:23:40 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/07/27 21:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll
MOD - [2011/02/16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
MOD - [2005/03/31 16:07:49 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\update.dll
MOD - [2003/11/24 08:39:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\Crypto.dll
MOD - [2003/06/23 08:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libeay32.dll
MOD - [2003/06/23 08:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ssleay32.dll
MOD - [2000/07/07 17:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ggwhook.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012/02/08 00:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:[b]64bit:[/b] - [2011/05/26 21:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/28 19:11:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 08:23:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 09:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:05:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/06/15 18:07:56 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012/05/08 09:05:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012/05/08 09:05:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/08 00:12:02 | 000,161,432 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:[b]64bit:[/b] - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:[b]64bit:[/b] - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:[b]64bit:[/b] - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:[b]64bit:[/b] - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:16 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:14 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:14 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:14 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:14 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:14 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:12 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011/06/15 18:08:12 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2011/05/26 22:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/05/26 20:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/05/17 07:55:28 | 000,533,096 | ---- | M] (Realtek										 ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/04/14 08:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/03/05 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2011/03/05 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/18 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2010/11/12 23:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010/06/18 23:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:[b]64bit:[/b] - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008/01/02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/06 11:39:40 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}
IE - HKLM\..\SearchScopes\{DBD64135-7390-4F52-9069-56A8BCA4D47E}: "URL" ={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..keyword.URL: ""

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\ C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\ disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\ disabled File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 20:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 19:11:38 | 000,000,000 | ---D | M]

[2012/02/06 13:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Extensions
[2012/11/02 20:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions
[2012/05/08 21:12:55 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\
[2012/11/02 11:16:30 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/07 22:17:08 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\
[2012/09/30 18:05:31 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2012/07/25 14:44:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/06 21:27:06 | 000,000,792 | ---- | M] () -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\searchplugins\startsear.xml
[2012/10/28 19:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 19:11:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/25 13:57:52 | 000,121,024 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2012/11/02 11:16:28 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/03/10 14:14:24 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012/07/19 16:34:22 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/10 14:14:24 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012/03/10 14:14:24 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012/03/10 14:14:24 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012/03/10 14:14:24 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012/03/10 14:14:24 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FBFB984-430F-4C6D-A990-AA4E981BC560}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F084F73-9701-43DE-ACEC-7F47ABB950D2}: DhcpNameServer =
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\ [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/04 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\mirra\Desktop\my little pony
[2012/11/04 09:30:59 | 000,000,000 | R--D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/11/02 23:13:09 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/11/02 23:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/02 23:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/11/02 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/11/02 22:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Polski)
[2012/11/02 20:42:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\SysInfo
[2012/11/02 20:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/02 14:50:29 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\LavasoftStatistics
[2012/11/02 12:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/11/02 11:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/11/02 11:22:22 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012/11/02 11:22:21 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012/11/02 11:22:21 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/11/02 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\adawarebp
[2012/11/02 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/02 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Ad-Aware Antivirus
[2012/10/28 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Było Sobie Życie
[2012/10/14 15:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Było Sobie Życie
[2012/10/14 13:50:51 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71u.dll
[2012/10/14 13:50:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71.dll
[2012/10/14 13:50:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\atl71.dll
[2012/10/14 13:50:49 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCP70.DLL
[2012/10/14 13:50:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCR70.DLL
[2012/10/14 13:50:46 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\ApplicationHistory
[2012/10/14 13:48:03 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2012/10/14 13:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/10/10 08:43:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 08:43:12 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 08:43:12 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 08:43:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 08:43:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 08:43:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 08:43:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 08:43:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 08:43:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 08:43:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 08:43:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 08:43:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 08:43:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 08:43:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 08:42:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 08:42:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 08:42:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/04 23:22:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 23:09:38 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 23:09:38 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 22:53:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/04 21:29:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/04 20:43:13 | 000,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2012/11/04 11:10:09 | 000,001,042 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/04 09:33:21 | 001,580,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/04 09:33:21 | 000,708,346 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012/11/04 09:33:21 | 000,625,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/04 09:33:21 | 000,141,070 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012/11/04 09:33:21 | 000,110,980 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/04 09:30:59 | 000,000,665 | ---- | M] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/04 09:29:53 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/04 09:28:45 | 3736,924,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/02 23:12:57 | 000,001,037 | ---- | M] () -- C:\Users\mirra\Desktop\Kaspersky Security Scan.lnk
[2012/11/02 20:21:37 | 000,001,218 | ---- | M] () -- C:\Users\mirra\Desktop\Spybot - Search & Destroy.lnk
[2012/11/02 11:22:56 | 000,001,670 | ---- | M] () -- C:\windows\Sandboxie.ini
[2012/11/01 07:17:09 | 000,065,694 | ---- | M] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | M] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:50:24 | 001,605,848 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/10/14 13:45:53 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/10/09 08:23:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 08:23:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/04 09:30:57 | 000,000,665 | ---- | C] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/02 23:13:09 | 000,001,037 | ---- | C] () -- C:\Users\mirra\Desktop\Kaspersky Security Scan.lnk
[2012/11/02 20:21:37 | 000,001,218 | ---- | C] () -- C:\Users\mirra\Desktop\Spybot - Search & Destroy.lnk
[2012/11/02 11:22:24 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/01 07:17:08 | 000,065,694 | ---- | C] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | C] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:45:52 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/08/29 08:02:10 | 000,755,027 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/08/29 08:02:10 | 000,159,839 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/08/29 08:02:09 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2012/08/29 08:02:07 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/03/27 23:02:48 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/03/15 23:43:46 | 000,001,670 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/02/02 12:35:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/26 23:23:20 | 000,026,624 | ---- | C] () -- C:\Users\mirra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:52:49 | 001,605,848 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/20 22:11:44 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/09/20 22:11:16 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/09/20 07:23:44 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/20 06:53:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/20 06:39:52 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/09/20 06:09:52 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
[2011/03/21 11:56:22 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/02/10 05:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


< End of report >

oraz extras:

OTL Extras logfile created on: 11/4/2012 11:35:15 PM - Run 1
OTL by OldTimer - Version	 Folder = C:\Users\mirra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7.48 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 76.61% Memory free
14.96 Gb Paging File | 11.82 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 207.48 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Drive D: | 404.75 Gb Total Space | 149.77 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: MIRRA-LAPTOP | User Name: mirra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

"EnableFirewall" = 1
"DisableNotifications" = 0

"EnableFirewall" = 1
"DisableNotifications" = 0

"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

"{0C9BA862-99C2-4408-93AC-B001F5760AD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DC78107-76C5-4555-8A09-42834E927C03}" = rport=137 | protocol=17 | dir=out | app=system |
"{487DF951-DA0F-42A7-AB38-20604CEC5068}" = lport=10243 | protocol=6 | dir=in | app=system |
"{494F469E-11AC-49A6-9F44-70CC044C8EEB}" = rport=138 | protocol=17 | dir=out | app=system |
"{569C285D-F99B-4F63-BC30-AF887579BF4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57B7AA28-8B6B-40DA-A3F0-B6AF85D21153}" = lport=137 | protocol=17 | dir=in | app=system |
"{582166A5-CFFA-4FE1-918C-6B8ADB3511D3}" = lport=139 | protocol=6 | dir=in | app=system |
"{65A21241-5394-4A8C-B907-4C6413C3DBD2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A32C569-989D-4020-AF5F-721617176D48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CEBF0D9-1210-4931-916E-668E1948FB81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D1068C8-3E41-420D-B048-601668A4587B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EAD723B-1E6F-4FF5-A3D3-14A9FDE326B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86504342-17A5-474C-96B2-83BE8970E821}" = rport=445 | protocol=6 | dir=out | app=system |
"{868937AE-2AB9-421B-A141-ABA947FCD9D9}" = lport=445 | protocol=6 | dir=in | app=system |
"{881CCEB0-8A40-41ED-B18E-B18E87C5C069}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F5CA7E7-9B50-4B97-B35D-689E2E0E9AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3A37514-B2E5-4953-B5C8-C6B8A57830D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6671393-C8C6-46ED-9973-71EA8B2CEC5F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B149EA75-380A-4CB5-8996-1DC5DA850B70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3D39F21-5572-4ADB-8CC1-D18C3BA0653D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6E57F54-BC03-4170-8AD7-B69140FE12FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E18CAC37-A44D-440E-91BC-E0687BBDE0E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EECA34E7-F696-4D96-9EB0-EDBFA94D3AAD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EFBB8B5A-56C1-4E46-83C5-696128F1125E}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9775D46-BDF6-4BF5-8CE3-F4413B85D819}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

"{01788EDC-C3D6-4F7D-BD1D-782C5E287EFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{017BA8A4-144A-4866-A6C2-84281065BEDD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{11A700F6-0C11-448F-A4E5-7E72C4177798}" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"{128410B5-8B79-460B-9808-5CFD4D8D9FBB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{142661BA-5BAA-438E-B26A-FA4D2B9DCF0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{227CDD3C-BF96-45B9-AE5A-57A0B78F6086}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2281E081-C45A-4141-9BDA-A2624B280A7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29A90FEB-64DA-4BB6-9952-1F1EDDFD36C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{302DF9FF-5D55-401A-8F25-91BB341CB8EF}" = protocol=6 | dir=in | app=c:\users\mirra\appdata\roaming\dropbox\bin\dropbox.exe |
"{35F15C84-586E-4369-8E80-DAAB5E09C042}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{39B2C853-3A17-4F99-899C-8A754D78B950}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{45B16B9D-08BD-49B0-B19D-22E0542CDCD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A5B0227-CDF9-4859-B1CE-92EE53A76ADA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe |
"{617EB2D8-E741-436B-8257-172E262AC65A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6A6A4498-1B71-448D-8120-49FACE1E9294}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{6CC09ACE-2D06-4BD6-8542-3607DA6A331F}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{712797C6-3CF6-4CC3-B890-6BE973660702}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{72B0F14A-7C0C-487F-80CF-ECF2BD2960AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF32CA8-88EB-4EE0-B15C-B10DF427523A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{82A21D19-01B5-494D-A713-29A813EFE52B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84E74CCD-CDB5-483C-9B89-5889206F44D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8661B950-A02C-42B3-9E82-93FC87A08355}" = protocol=6 | dir=out | app=system |
"{87FB85CC-35DB-4F3A-81BD-0E13D8F38E65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AF66115-8FB8-4B27-886B-59C38CD121D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8E76B329-A5C6-48CB-88E0-E1F690D0B50B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8F0C4E6A-1124-4957-8873-24648EBA813D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB62F45-DF60-461F-92E7-92D30039C607}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B01961A1-78E2-46D0-92ED-7D308D9A2A94}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B705B6B0-C49F-4B1E-8860-9507D9158B93}" = protocol=17 | dir=in | app=c:\users\mirra\appdata\roaming\dropbox\bin\dropbox.exe |
"{B7F316CF-97CD-4847-B551-528573CFCE85}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{C0138FAF-1826-47F7-A689-A2DF1587A7F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3DB00BB-CADD-41AE-B7D2-FAEFF87AB0ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C943F1A5-66E6-4968-9AFD-4DC38DA421ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9AF9262-FDF4-4841-A4FB-AC69937A8D92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCED64E9-E45D-4258-8389-36BE98E7F8C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6BC134A-44D5-46C5-B471-452103B5E889}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DED3FD8D-0326-43DD-816A-39AD067C975F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{E334BF2A-BAFD-466A-B52E-74415FD1417B}" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"{E7BD6A59-3D5C-427C-A1EC-E69CA5D2A0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F41F9175-46ED-44FB-9EEF-E75E853394DC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{F4763DFD-200A-4B30-A35B-1F434F3A1EBC}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{F689FDF7-CA63-4974-860D-FF44B117C46A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{2C0AF3AC-4C05-4DFC-B594-3469D3843C79}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{3CE985FF-BE6D-4A9B-9CE1-26712BD92A3B}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{4CC5A1EB-62E2-4F8C-B001-A414B92293AB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{58D7DD89-20BC-4814-B22E-AA51EDBB4665}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{64A14A32-8E76-4930-BDBC-DC3CF5247DB0}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{6EE51B5F-484E-4ACE-8068-EC79B383CE7D}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{A71498BC-55A7-4B5A-8C70-A7A42FF54B06}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{EA822C93-2E16-4C65-BDBE-A0534B5F0188}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"UDP Query User{2C349E87-4924-4DE4-805B-6E3FAC5C3C55}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{3028BF5D-AD05-44ED-AC98-7C49D42A6668}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{48042572-9841-4C3A-BB7E-C942C485F814}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{68651E85-FFA4-428B-929B-2A1C85D1A17C}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{BF15DB6B-7262-49B3-99FA-89B891388243}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{C2919191-316C-4FA4-91C2-FF23F658B2D2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D36F2463-34C3-4013-AEA8-560C6C90B962}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"UDP Query User{F857B1FF-C883-4976-8FBA-65F98692EADC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{129EE1A8-FA82-5E76-0DE5-50D51ED1AF7E}" = ATI Catalyst Install Manager
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{601D7B72-FEE9-FECD-7304-3FBE8465F440}" = ccc-utility64
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"Elantech" = ETDWare PS/2-X64
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008
"Master PDF Editor 1.7.28_is1" = Master PDF Editor 1.7.28
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Sandboxie" = Sandboxie 3.64 (64-bit)

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live ???
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05323978-FDA1-466F-9298-B97E6E2E1107}" = Hugo - Przygoda z angielskim
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0658C55D-D095-6B0B-A662-36A8202F1408}" = AMD VISION Engine Control Center
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live ?? ???
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A303DB2-DCB9-324F-1B05-30A819E66A3B}" = CCC Help German
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = ???? Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}" = EasyFileShare
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Samsung Control Center
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F68DD28-BF5B-52AC-B584-4B8E546F069A}" = CCC Help Japanese
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39AD1D17-7D06-499E-BC78-F54D4DB93D22}" = SpringPublisher
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = ??????????? ?? Windows Live
"{44F4024E-5214-B183-AC1A-E92486AE3CDA}" = CCC Help French
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live ??
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" =
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = ?????????? Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A312E06-B7B6-5B75-18AA-1262EAB41971}" = CCC Help Portuguese
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B56AC11-A09B-D148-EA51-AB4500A84F50}" = Catalyst Control Center InstallProxy
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live ???
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95D5C923-A6C2-5629-7873-938099245C53}" = CCC Help Spanish
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}" = Eco Mode
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D554E62-4CC6-F0D8-ECFC-817830E8496A}" = CCC Help Chinese Standard
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = ????? Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotograf Galerisi
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BE73A21F-D108-2652-3F12-65C2D264C895}" = Catalyst Control Center Localization All
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = ??????? ??????????? ??? Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = ?????? ??????? ?? Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattelu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E09F77-363F-425E-8E5D-ADD88CC545F9}" = Socrates 102
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live ?? ???
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAE4E3BE-78F3-FB72-9DD3-EF690FC96D01}" = e-Deklaracje Desktop
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = ???????? ?????????? Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live ????
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live ???
"{F08F7C0A-30E7-23D6-F0B3-BB1717ACA5D2}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = ???? ??? Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEB42E39-CD8A-28A5-981B-1D8302CD50D7}" = CCC Help Italian
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Było Sobie Życie_is1" = Było Sobie Życie 1.0
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" =
"e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1" = e-Deklaracje Desktop
"Gadu-Gadu" = Gadu-Gadu 6.1
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D3E09F77-363F-425E-8E5D-ADD88CC545F9}" = Socrates 102
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"KLiteCodecPack_is1" = <a href="">K-Lite Codec Pack</a> 4.3.1 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"Ogg Codecs" = Ogg Codecs 0.81.15562
"oggcodecs" = oggcodecs 0.71.0946
"Opera 12.02.1578" = Opera 12.02
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel PROSet Wireless
"QuickTime" = QuickTime
"Revo Uninstaller" = Revo Uninstaller 1.94
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SopCast" = SopCast 3.2.4
"Trusted Software Assistant_is1" = File Type Assistant
"Turtix Misja Ratunkowa_is1" = Turtix Misja Ratunkowa
"WinLiveSuite" = Windows Live ???

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

"Dropbox" = Dropbox

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/30/2012 3:57:30 PM | Computer Name = mirra-laptop | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Power2Go.exe, wersja:,
sygnatura czasowa: 0x4b6783f4 Nazwa modułu powodującego błąd: Power2Go.exe, wersja:, sygnatura czasowa: 0x4b6783f4 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x0003cb3c Identyfikator procesu powodującego błąd: 0x1844 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cd6e8cf8688708 Ścieżka aplikacji powodującej błąd: C:\Program
Files (x86)\CyberLink\Power2Go\Power2Go.exe Ścieżka modułu powodującego błąd: C:\Program
Files (x86)\CyberLink\Power2Go\Power2Go.exe Identyfikator raportu: cb36d244-da80-11e1-ba82-e81132e07bf2

Error - 7/30/2012 4:21:47 PM | Computer Name = mirra-laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 2:14:18 AM | Computer Name = mirra-laptop | Source = CVHSVC | ID = 100
Description = Tylko informacje. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 7/31/2012 5:19:35 AM | Computer Name = mirra-laptop | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 15c8 Godzina rozpoczęcia: 01cd6ee65fd4af7b Godzina zakończenia:
53 Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Identyfikator
raportu: d23cf5d3-daf0-11e1-a782-e81132e07bf2

Error - 8/1/2012 4:44:15 PM | Computer Name = mirra-laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 12:23:13 AM | Computer Name = mirra-laptop | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 12:31:54 AM | Computer Name = mirra-laptop | Source = CVHSVC | ID = 100
Description = Tylko informacje. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 8/5/2012 12:57:28 AM | Computer Name = mirra-laptop | Source = CVHSVC | ID = 100
Description = Tylko informacje. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 8/6/2012 12:52:29 PM | Computer Name = mirra-laptop | Source = CVHSVC | ID = 100
Description = Tylko informacje. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 8/8/2012 6:09:59 AM | Computer Name = mirra-laptop | Source = CVHSVC | ID = 100
Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}):
DownloadLatest Failed:

[ System Events ]
Error - 11/3/2012 4:06:18 AM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/3/2012 5:48:46 AM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/3/2012 9:38:26 AM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/3/2012 12:00:49 PM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/3/2012 1:29:11 PM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/3/2012 2:11:24 PM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/4/2012 4:18:59 AM | Computer Name = mirra-laptop | Source = BTHUSB | ID = 327697
Description = W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter
nie będzie używany. Sterownik został usunięty z pamięci.

Error - 11/4/2012 4:27:23 AM | Computer Name = mirra-laptop | Source = Service Control Manager | ID = 7043
Description = Usługa Windows Update nie została poprawnie zamknięta po odebraniu
kodu sterującego przed zamknięciem.

Error - 11/4/2012 4:27:46 AM | Computer Name = mirra-laptop | Source = Service Control Manager | ID = 7023
Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił
następujący błąd: %%19

Error - 11/4/2012 9:19:07 AM | Computer Name = mirra-laptop | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
z usługi Schedule.

< End of report >

po trzecie Silent Runners:

"Silent Runners.vbs", revision 64,
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Gadu-Gadu = "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray []
SandboxieControl = "C:\Program Files\Sandboxie\SbieCtrl.exe" [SANDBOXIE L.T.D]
SpybotSD TeaTimer = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [Safer-Networking Ltd.]
KSS = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
AtherosBtStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Atheros Communications]
AthBtTray = "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
QuickTime Task = "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [Apple Computer, Inc.]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
Ad-Aware Browsing Protection = "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [Lavasoft]
Ad-Aware Antivirus = "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [Lavasoft Limited]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live ID Sign-in Helper
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
				 \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Spybot-S&D IE Protection
					 \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
-> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA609D72-8482-4076-8991-8CDAE5B93BCB}\(Default) = Samsung BHO Helper
-> {HKLM…Wow…CLSID} = Samsung BHO Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
-> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
-> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]

GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
-> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
-> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM…CLSID} = DisplayCplExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
-> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
-> {HKLM…CLSID} = ContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]

{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
-> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
				 \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM…CLSID} = Shell Extension for Malware scanning
				 \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{E99987AC-6311-4686-B095-EB30B69F9258} = Samsung AnyWeb Print Clipbook - shell extension module of desk band
-> {HKLM…Wow…CLSID} = Samsung AnyWeb Print
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
-> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM…CLSID} = Shell Extension for Malware scanning
				 \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

AdAwareContextMenu64\(Default) = {E110352D-007C-444F-851E-97EC0F161C99}
-> {HKLM…CLSID} = AdAwareContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll [Lavasoft Limited]

FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
-> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
-> {HKLM…CLSID} = Ath_CopyHook
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM…CLSID} = Shell Extension for Malware scanning
				 \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

Default executables:

HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
HKLM\SOFTWARE\Classes\.exe\shell\open\command\(Default) = (value not set)

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers

Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\<a href="">K-Lite Codec Pack</a>\Media Player Classic\mplayerc.exe" %1 /cd [mpc-hc@Sourceforge]
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\<a href="">K-Lite Codec Pack</a>\Media Player Classic\mplayerc.exe" %1 /dvd [mpc-hc@Sourceforge]

Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\<a href="">K-Lite Codec Pack</a>\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\<a href="">K-Lite Codec Pack</a>\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]

Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video dv
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = Picture
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" photo import "%L" [CyberLink Corp.]

Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = VideoFiles
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video import "%L" [CyberLink Corp.]
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Provider = PowerDVD 10
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]

Provider = PowerDVD 10
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = EnDVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]

Provider = PowerDVD 10
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]

Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]

Provider = Media Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

Provider = Media Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

Provider = Media Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe photo import wpd %1 %2;
-> {HKLM…CLSID} = WPDShextAutoplay
				 \LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]

Non-disabled Scheduled Tasks:

C:\Users\mirra\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
Ad-Aware Antivirus Scheduled Scan -> launches: C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe --scan=full [Lavasoft Limited]
Adobe Flash Player Updater -> launches: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
advSRS5 -> launches: "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe" [SEC]
EasyBatteryManager -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe" [SAMSUNG Electronics co., LTD.]
EasyDisplayMgr -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe" [Samsung Electronics Co., Ltd.]
EasyPartitionManager -> (HIDDEN!) launches: C:\Windows\MSetup\BA46-12225A02\EPM.exe [file not found]
EcoMode -> launches: "C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe" [Samsung Electronics]
Express Files Updater -> launches: C:\Program Files (x86)\ExpressFiles\EFupdater.exe [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [CyberLink]
MovieColorEnhancer -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe" [Samsung Electronics Co., Ltd.]
ProgramUpdateCheck -> launches: C:\Program Files (x86)\File Type Assistant\TSAssist.exe /chkupd [Trusted Software ApS]
SamsungSupportCenter -> (HIDDEN!) launches: %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe [SAMSUNG Electronics]
SCCSpeedBoot -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SCCSpeedBoot.exe" /s [Samsung Electronics Co., Ltd.]
SmartSetting -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SmartSetting.exe" [Samsung Electronics Co., Ltd.]
SUPBackground -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe" [Samsung Electronics]
SvcDelay -> (HIDDEN!) launches: %windir%\temp\SvcDelay.exe [file not found]
WifiManager -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\WifiManager.exe" hide [Samsung Electronics Co., Ltd.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
-> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM…CLSID} = KernelCeipCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM…CLSID} = UsbCeip
				 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
-> {HKLM…Wow…CLSID} = UsbCeip
					 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM…CLSID} = HotStart User Agent
				 \InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]

Lpksetup -> launches: C:\windows\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\windows\System32\mcbuilder.exe [MS]
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM…CLSID} = Microsoft PlaySoundService Class
				 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
					 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
				 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
					 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM…CLSID} = RasMobilityManager
				 \InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM…CLSID} = RegistryIdleBackupHandler
				 \InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM…CLSID} = GadgetsManager Class
				 \InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM…CLSID} = RunTask
				 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
-> {HKLM…Wow…CLSID} = RunTask
					 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
				 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
					 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
					 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

SqmUpload_S-1-5-21-564767970-4186023011-380315173-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
Explorer Bars

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E99987AC-6311-4686-B095-EB30B69F9258}\(Default) = Samsung AnyWeb Print
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
ButtonText = Samsung AnyWeb Print
CLSIDExtension = {94BB0C4C-B957-479A-85E4-42F53B89F681}
-> {HKLM…Wow…CLSID} = W2PButton Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]

MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
-> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
MenuText = Spybot - Search && Destroy Configuration
CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
-> {HKLM…Wow…CLSID} = Spybot-S&D IE Protection
					 \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]

Running Services (Display Name, Service Name, Path {Service DLL}):
Ad-Aware, SBAMSvc, "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [GFI Software]
Ad-Aware Service, Ad-Aware Service, "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [Lavasoft Limited]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
Avira Realtime Protection, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Scheduler, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [empty string]
Kaspersky Security Scan Service, KSS, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [Kaspersky Lab ZAO]
Sandboxie Service, SbieSvc, "C:\Program Files\Sandboxie\SbieSvc.exe" [SANDBOXIE L.T.D]
SBSD Security Center Service, SBSDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [Safer Networking Ltd.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):

<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service

<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service

Print Monitors:

PDF Maker Port\Driver = pdf_localmon.dll [Copyright (c) 2007-2009 Code-Industry Team]
PrimoMon\Driver = Primomonnt.dll [null data]
spd__ Langmon\Driver = spd__l.dll [empty string]

---------- (launch time: 2012-11-05 00:10:17)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 67 seconds, including 3 seconds for message boxes)

po czwarte GMER:

GMER - GMER - Rootkit Detector and Remover
Rootkit scan 2012-11-05 00:41:29
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1df78					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e156					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15c					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15e					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1b6					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e214					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593214					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593a15					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710724e2					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2					
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87		 0x50 0x75 0xE7 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1df78 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e156 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1b6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e214 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593214 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593a15 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710724e2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87			 0x50 0x75 0xE7 0x07 ...
---- EOF - GMER 1.0.15 ----

  • 0

#2 pawel315


    Uzależniony od forum

  • 1 553 postów

Napisano 05 11 2012 - 16:51

NIe poradziłeś sobie z Kasperskim, co to znaczy?
No ale jak masz 3 antyvirusy + spyboota i sandboxie, to nie dziwne ze następny nie chcę się zainstaować
Więc tak umawiamy się:
Zostawiasz jednego antyvira i sandboxie następnie dajesz nowe logi :)

  • 0

#3 boruurob



  • 4 postów

Napisano 05 11 2012 - 18:59

Faktycznie źle się wyraziłem. Kasperskiego zainstalowałem i proces skanowania też się zrobił. Natomiast chodzi mi o to, że po wywaleniu przez Kasperskiego raportu z lukami w systemie udało mi się część z nich poprawić ale część nie wiem jak zrobić i są to poniższe punkty:

Information about applications and operating system components in which vulnerabilities have been detected.

C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\Java\jre7\bin\java.exe

Information about vulnerabilities associated with the settings of installed applications and the operating system.

Te antywiry i spyboota zainstalowałem wg porady z podstrony tego forum Bezpieczeństwo (wirusy i trojany) - Forum Komputerowe

Czyli zostawić powiedzmy Sandboxie i Ad-aware i wrzucić nowe logi?
  • 0

#4 pawel315


    Uzależniony od forum

  • 1 553 postów

Napisano 05 11 2012 - 19:07

Information about applications and operating system components in which vulnerabilities have been detected.

C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\Java\jre7\bin\java.exe

co to tego to aktualizacja javy i picasa3 ta druga to chyba coś ze zmienną systemową ( ale aktualizacja tych programów może pomóc )

spyboot jest już stary i ja radzę do skanowania program MalwareBytes Anti-Malware ( ale masz rację jeszcze są poradniki z tymi starymi programami i mam nadzieję że wkrótce uda się to zmienić ) :)

Czyli zostawić powiedzmy Sandboxie i Ad-aware i wrzucić nowe logi?

Dokładnie tak ;)
  • 0

#5 boruurob



  • 4 postów

Napisano 06 11 2012 - 00:58

OTL logfile created on: 11/5/2012 10:13:15 PM - Run 2
OTL by OldTimer - Version Folder = C:\Users\mirra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7.48 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 70.81% Memory free
14.96 Gb Paging File | 12.62 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 209.76 Gb Free Space | 77.40% Space Free | Partition Type: NTFS
Drive D: | 404.75 Gb Total Space | 149.77 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: MIRRA-LAPTOP | User Name: mirra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 11:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mirra\Downloads\OTL.exe
PRC - [2012/10/28 19:11:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 08:23:41 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/15 14:12:58 | 002,158,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
PRC - [2011/06/15 13:14:06 | 007,057,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
PRC - [2011/06/06 08:09:00 | 003,870,112 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
PRC - [2011/06/04 09:18:22 | 002,213,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
PRC - [2011/04/14 12:38:50 | 000,727,120 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
PRC - [2011/04/14 08:15:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/29 05:15:54 | 004,399,696 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/02/16 17:03:20 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
PRC - [2011/01/11 23:42:50 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/03/31 10:18:49 | 000,790,528 | ---- | M] ( -- C:\Program Files (x86)\Gadu-Gadu\gg.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/28 19:11:42 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 08:23:40 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/02/16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
MOD - [2005/03/31 16:07:49 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\update.dll
MOD - [2003/11/24 08:39:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\Crypto.dll
MOD - [2003/06/23 08:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libeay32.dll
MOD - [2003/06/23 08:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ssleay32.dll
MOD - [2000/07/07 17:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ggwhook.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/02/08 00:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/05/26 21:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/28 19:11:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 08:23:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/06/15 18:07:56 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.( [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/08 00:12:02 | 000,161,432 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/12/08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/15 18:08:16 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/15 18:08:14 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 18:08:14 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 18:08:14 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/06/15 18:08:14 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/06/15 18:08:14 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/06/15 18:08:12 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/06/15 18:08:12 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/05/26 22:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/26 20:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/14 08:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/05 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/12 23:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/06/18 23:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008/01/02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/06 11:39:40 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}
IE - HKLM\..\SearchScopes\{DBD64135-7390-4F52-9069-56A8BCA4D47E}: "URL" ={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\ C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\ disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\ disabled File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 20:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 19:11:38 | 000,000,000 | ---D | M]

[2012/02/06 13:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Extensions
[2012/11/02 20:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions
[2012/05/08 21:12:55 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\
[2012/11/02 11:16:30 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/07 22:17:08 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\
[2012/09/30 18:05:31 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2012/07/25 14:44:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/06 21:27:06 | 000,000,792 | ---- | M] () -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\searchplugins\startsear.xml
[2012/10/28 19:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 19:11:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/25 13:57:52 | 000,121,024 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2012/11/02 11:16:28 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/03/10 14:14:24 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012/07/19 16:34:22 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/10 14:14:24 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012/03/10 14:14:24 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012/03/10 14:14:24 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012/03/10 14:14:24 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012/03/10 14:14:24 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FBFB984-430F-4C6D-A990-AA4E981BC560}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F084F73-9701-43DE-ACEC-7F47ABB950D2}: DhcpNameServer =
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\ [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 21:25:12 | 000,000,000 | R--D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/11/04 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\mirra\Desktop\my little pony
[2012/11/02 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/11/02 22:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Polski)
[2012/11/02 20:42:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\SysInfo
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/02 14:50:29 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\LavasoftStatistics
[2012/11/02 12:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/11/02 11:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/11/02 11:22:22 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012/11/02 11:22:21 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012/11/02 11:22:21 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/11/02 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\adawarebp
[2012/11/02 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/02 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Ad-Aware Antivirus
[2012/10/28 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Było Sobie Życie
[2012/10/14 15:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Było Sobie Życie
[2012/10/14 13:50:51 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71u.dll
[2012/10/14 13:50:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71.dll
[2012/10/14 13:50:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\atl71.dll
[2012/10/14 13:50:49 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCP70.DLL
[2012/10/14 13:50:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCR70.DLL
[2012/10/14 13:50:46 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\ApplicationHistory
[2012/10/14 13:48:03 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2012/10/14 13:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/10/10 08:43:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 08:43:12 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 08:43:12 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 08:43:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 08:43:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 08:43:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 08:43:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 08:43:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 08:43:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 08:43:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 08:43:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 08:43:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 08:43:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 08:43:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 08:42:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 08:42:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 08:42:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/05 21:53:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/05 21:31:32 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 21:31:31 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 21:28:21 | 001,580,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/05 21:28:21 | 000,708,346 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012/11/05 21:28:21 | 000,625,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/05 21:28:21 | 000,141,070 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012/11/05 21:28:21 | 000,110,980 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/05 21:25:13 | 000,000,665 | ---- | M] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/05 21:24:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/05 21:23:54 | 000,001,042 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/05 21:23:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/05 21:23:19 | 3736,924,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 21:22:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 20:43:13 | 000,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2012/11/02 11:22:56 | 000,001,670 | ---- | M] () -- C:\windows\Sandboxie.ini
[2012/11/01 07:17:09 | 000,065,694 | ---- | M] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | M] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:50:24 | 001,605,848 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/10/14 13:45:53 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/10/09 08:23:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 08:23:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 21:24:14 | 000,000,665 | ---- | C] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/02 11:22:24 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/01 07:17:08 | 000,065,694 | ---- | C] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | C] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:45:52 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/08/29 08:02:10 | 000,755,027 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/08/29 08:02:10 | 000,159,839 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/08/29 08:02:09 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2012/08/29 08:02:07 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/03/27 23:02:48 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/03/15 23:43:46 | 000,001,670 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/02/02 12:35:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/26 23:23:20 | 000,026,624 | ---- | C] () -- C:\Users\mirra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:52:49 | 001,605,848 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/20 22:11:44 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/09/20 22:11:16 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/09/20 07:23:44 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/20 06:53:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/20 06:39:52 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/09/20 06:09:52 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
[2011/03/21 11:56:22 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/02/10 05:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


< End of report >

"Silent Runners.vbs", revision 64,
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Gadu-Gadu = "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray []
SandboxieControl = "C:\Program Files\Sandboxie\SbieCtrl.exe" [SANDBOXIE L.T.D]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
AtherosBtStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Atheros Communications]
AthBtTray = "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
QuickTime Task = "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [Apple Computer, Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
Ad-Aware Browsing Protection = "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [Lavasoft]
Ad-Aware Antivirus = "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [Lavasoft Limited]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
				 \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
  -> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA609D72-8482-4076-8991-8CDAE5B93BCB}\(Default) = Samsung BHO Helper
  -> {HKLM…Wow…CLSID} = Samsung BHO Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM…CLSID} = DisplayCplExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
  -> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
  -> {HKLM…CLSID} = ContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
  -> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
				 \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{E99987AC-6311-4686-B095-EB30B69F9258} = Samsung AnyWeb Print Clipbook - shell extension module of desk band
  -> {HKLM…Wow…CLSID} = Samsung AnyWeb Print
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
  -> {HKLM…CLSID} = WLIDCredentialProvider
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
  -> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
AdAwareContextMenu64\(Default) = {E110352D-007C-444F-851E-97EC0F161C99}
  -> {HKLM…CLSID} = AdAwareContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll [Lavasoft Limited]
FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
  -> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
  -> {HKLM…CLSID} = Ath_CopyHook
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

Default executables:
HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
HKLM\SOFTWARE\Classes\.exe\shell\open\command\(Default) = (value not set)

Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}
ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd [mpc-hc@Sourceforge]
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd [mpc-hc@Sourceforge]
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video dv
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = Picture
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" photo import "%L" [CyberLink Corp.]
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = VideoFiles
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video import "%L" [CyberLink Corp.]
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe"  "%L" [CyberLink Corp.]
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe"  "%L" [CyberLink Corp.]
Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
Provider = PowerDVD 10
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = EnDVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Provider = PowerDVD 10
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = Media Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe photo import wpd %1 %2;
  -> {HKLM…CLSID} = WPDShextAutoplay
				 \LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]

Non-disabled Scheduled Tasks:
C:\Users\mirra\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
Ad-Aware Antivirus Scheduled Scan ->  launches: C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe --scan=full [Lavasoft Limited]
Adobe Flash Player Updater ->  launches: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
advSRS5 ->  launches: "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe" [SEC]
EasyBatteryManager -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe" [SAMSUNG Electronics co., LTD.]
EasyDisplayMgr -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe" [Samsung Electronics Co., Ltd.]
EasyPartitionManager -> (HIDDEN!) launches: C:\Windows\MSetup\BA46-12225A02\EPM.exe [file not found]
EcoMode ->  launches: "C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe" [Samsung Electronics]
Express Files Updater ->  launches: C:\Program Files (x86)\ExpressFiles\EFupdater.exe [file not found]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [CyberLink]
MovieColorEnhancer -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe" [Samsung Electronics Co., Ltd.]
ProgramUpdateCheck ->  launches: C:\Program Files (x86)\File Type Assistant\TSAssist.exe /chkupd [Trusted Software ApS]
SamsungSupportCenter -> (HIDDEN!) launches: %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe [SAMSUNG Electronics]
SCCSpeedBoot -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SCCSpeedBoot.exe" /s [Samsung Electronics Co., Ltd.]
SmartSetting -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SmartSetting.exe" [Samsung Electronics Co., Ltd.]
SUPBackground -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe" [Samsung Electronics]
SvcDelay -> (HIDDEN!) launches: %windir%\temp\SvcDelay.exe [file not found]
WifiManager -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\WifiManager.exe" hide [Samsung Electronics Co., Ltd.]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
				 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
					 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
				 \InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]
Lpksetup ->  launches: C:\windows\System32\lpksetup.exe -v [MS]
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder ->  launches: C:\windows\System32\mcbuilder.exe [MS]
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
				 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
					 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
				 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
					 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
				 \InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
				 \InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
				 \InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
				 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
					 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
				 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
					 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
					 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
SqmUpload_S-1-5-21-564767970-4186023011-380315173-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E99987AC-6311-4686-B095-EB30B69F9258}\(Default) = Samsung AnyWeb Print
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
ButtonText = Samsung AnyWeb Print
CLSIDExtension = {94BB0C4C-B957-479A-85E4-42F53B89F681}
  -> {HKLM…Wow…CLSID} = W2PButton Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
  -> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

Running Services (Display Name, Service Name, Path {Service DLL}):
Ad-Aware, SBAMSvc, "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [GFI Software]
Ad-Aware Service, Ad-Aware Service, "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [Lavasoft Limited]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [empty string]
Sandboxie Service, SbieSvc, "C:\Program Files\Sandboxie\SbieSvc.exe" [SANDBOXIE L.T.D]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):
<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service
<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service

Print Monitors:
PDF Maker Port\Driver = pdf_localmon.dll [Copyright (c) 2007-2009  Code-Industry Team]
PrimoMon\Driver = Primomonnt.dll [null data]
spd__ Langmon\Driver = spd__l.dll [empty string]

---------- (launch time: 2012-11-05 22:29:21)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 59 seconds, including 11 seconds for message boxes)

Rootkit scan 2012-11-05 23:57:27
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1df78					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e156					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15c					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15e					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1b6					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e214					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593214					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593a15					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710724e2					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87		 0x50 0x75 0xE7 0x07 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1df78 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e156 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15c (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15e (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1b6 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e214 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593214 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593a15 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710724e2 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87			 0x50 0x75 0xE7 0x07 ...
---- Files - GMER 1.0.15 ----
File  C:\Users\mirra\AppData\Local\Mozilla\Firefox\Profiles\agofqqgr.default\Cache\A\AC\EF3DBd01	   23568 bytes
---- EOF - GMER 1.0.15 ----

  • 0

#6 pawel315


    Uzależniony od forum

  • 1 553 postów

Napisano 06 11 2012 - 20:57

tak ogólnie to czysto możesz użyć programu CCleaner

Użytkownik pawel315 edytował ten post 06 11 2012 - 20:57

  • 0

#7 boruurob



  • 4 postów

Napisano 07 11 2012 - 01:12

Przeleciałem CCleanerem. Z powyższego rozumiem, że poza tym nie ma jakichś problemów?

// załóż nowy temat w odpowiednim dziale //
// dział bezpieczeństwo nie jest odpowiedni do problemu z siecią WiFi //
// Qauke //

Użytkownik Qauke edytował ten post 07 11 2012 - 01:25

  • 0

#8 pawel315


    Uzależniony od forum

  • 1 553 postów

Napisano 07 11 2012 - 17:56

jeśli chodzi o logi to jest czysto

  • 0

Użytkownicy przeglądający ten temat: 1

0 użytkowników, 1 gości, 0 anonimowych