Skocz do zawartości

  2. Przeglądanie profilu: Posty: boruurob

boruurob

Rejestracja: 05 lis 2012
OFFLINE Ostatnio: 07 11 2012 19:29
-----

Moje posty

W temacie: Logi - Kontrolne sprawdzenie

07 11 2012 - 01:12

Przeleciałem CCleanerem. Z powyższego rozumiem, że poza tym nie ma jakichś problemów?

// załóż nowy temat w odpowiednim dziale //
// dział bezpieczeństwo nie jest odpowiedni do problemu z siecią WiFi //
// Qauke //

W temacie: Logi - Kontrolne sprawdzenie

06 11 2012 - 00:58

OTL logfile created on: 11/5/2012 10:13:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mirra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7.48 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 70.81% Memory free
14.96 Gb Paging File | 12.62 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.00 Gb Total Space | 209.76 Gb Free Space | 77.40% Space Free | Partition Type: NTFS
Drive D: | 404.75 Gb Total Space | 149.77 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: MIRRA-LAPTOP | User Name: mirra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 11:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mirra\Downloads\OTL.exe
PRC - [2012/10/28 19:11:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 08:23:41 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/15 14:12:58 | 002,158,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
PRC - [2011/06/15 13:14:06 | 007,057,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
PRC - [2011/06/06 08:09:00 | 003,870,112 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
PRC - [2011/06/04 09:18:22 | 002,213,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
PRC - [2011/04/14 12:38:50 | 000,727,120 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
PRC - [2011/04/14 08:15:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/29 05:15:54 | 004,399,696 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/02/16 17:03:20 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
PRC - [2011/01/11 23:42:50 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/03/31 10:18:49 | 000,790,528 | ---- | M] (sms-express.com) -- C:\Program Files (x86)\Gadu-Gadu\gg.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/28 19:11:42 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 08:23:40 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/02/16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
MOD - [2005/03/31 16:07:49 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\update.dll
MOD - [2003/11/24 08:39:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\Crypto.dll
MOD - [2003/06/23 08:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\libeay32.dll
MOD - [2003/06/23 08:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ssleay32.dll
MOD - [2000/07/07 17:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\ggwhook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/08 00:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/05/26 21:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/28 19:11:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 08:23:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/15 18:09:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/06/15 18:07:56 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/08 00:12:02 | 000,161,432 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/12/08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/15 18:08:16 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/15 18:08:14 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 18:08:14 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 18:08:14 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/06/15 18:08:14 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/06/15 18:08:14 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/06/15 18:08:12 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/06/15 18:08:12 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/05/26 22:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/26 20:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/14 08:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/05 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/12 23:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/06/18 23:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008/01/02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/06 11:39:40 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=f8161d38-67c8-11e1-8475-e81132e07bf2
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=f8161d38-67c8-11e1-8475-e81132e07bf2&q={searchTerms}
IE - HKLM\..\SearchScopes\{DBD64135-7390-4F52-9069-56A8BCA4D47E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ietab@ip.cn:2.0.0.0
FF - prefs.js..extensions.enabledAddons: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3
FF - prefs.js..extensions.enabledAddons: firegestures@xuldev.org:1.6.18
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 20:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 19:11:38 | 000,000,000 | ---D | M]

[2012/02/06 13:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Extensions
[2012/11/02 20:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions
[2012/05/08 21:12:55 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\ietab@ip.cn
[2012/11/02 11:16:30 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\mirra\AppData\Roaming\mozilla\Firefox\Profiles\agofqqgr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/07 22:17:08 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\firegestures@xuldev.org.xpi
[2012/09/30 18:05:31 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2012/07/25 14:44:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/06 21:27:06 | 000,000,792 | ---- | M] () -- C:\Users\mirra\AppData\Roaming\mozilla\firefox\profiles\agofqqgr.default\searchplugins\startsear.xml
[2012/10/28 19:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 19:11:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/25 13:57:52 | 000,121,024 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2012/11/02 11:16:28 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/03/10 14:14:24 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012/07/19 16:34:22 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/10 14:14:24 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012/03/10 14:14:24 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012/03/10 14:14:24 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012/03/10 14:14:24 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012/03/10 14:14:24 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (sms-express.com)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FBFB984-430F-4C6D-A990-AA4E981BC560}: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F084F73-9701-43DE-ACEC-7F47ABB950D2}: DhcpNameServer = 192.168.0.1 217.96.80.174
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 21:25:12 | 000,000,000 | R--D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/11/04 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\mirra\Desktop\my little pony
[2012/11/02 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/11/02 22:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Polski)
[2012/11/02 20:42:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\SysInfo
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/02 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/02 14:50:29 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\LavasoftStatistics
[2012/11/02 12:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/11/02 11:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/11/02 11:22:22 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012/11/02 11:22:21 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012/11/02 11:22:21 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/02 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/11/02 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\adawarebp
[2012/11/02 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/02 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Ad-Aware Antivirus
[2012/10/28 19:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\illiminable
[2012/10/14 15:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Było Sobie Życie
[2012/10/14 15:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Było Sobie Życie
[2012/10/14 13:50:51 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71u.dll
[2012/10/14 13:50:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFC71.dll
[2012/10/14 13:50:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\atl71.dll
[2012/10/14 13:50:49 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCP70.DLL
[2012/10/14 13:50:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVCR70.DLL
[2012/10/14 13:50:46 | 000,000,000 | ---D | C] -- C:\Users\mirra\AppData\Local\ApplicationHistory
[2012/10/14 13:48:03 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2012/10/14 13:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/10/10 08:43:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 08:43:12 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 08:43:12 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 08:43:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 08:43:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 08:43:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 08:43:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 08:43:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 08:43:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 08:43:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 08:43:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 08:43:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 08:43:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 08:43:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 08:43:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 08:42:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 08:42:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 08:42:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/05 21:53:00 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/05 21:31:32 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 21:31:31 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 21:28:21 | 001,580,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/05 21:28:21 | 000,708,346 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012/11/05 21:28:21 | 000,625,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/05 21:28:21 | 000,141,070 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012/11/05 21:28:21 | 000,110,980 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/05 21:25:13 | 000,000,665 | ---- | M] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/05 21:24:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/05 21:23:54 | 000,001,042 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/05 21:23:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/05 21:23:19 | 3736,924,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 21:22:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 20:43:13 | 000,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2012/11/02 11:22:56 | 000,001,670 | ---- | M] () -- C:\windows\Sandboxie.ini
[2012/11/01 07:17:09 | 000,065,694 | ---- | M] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | M] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:50:24 | 001,605,848 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/10/14 13:45:53 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/10/09 08:23:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 08:23:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\mirra\Documents\*.tmp files -> C:\Users\mirra\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 21:24:14 | 000,000,665 | ---- | C] () -- C:\windows\SysNative\phonebook.pbs
[2012/11/02 11:22:24 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/01 07:17:08 | 000,065,694 | ---- | C] () -- C:\Users\mirra\Desktop\swieca70533.gif
[2012/10/24 16:05:08 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2012/10/14 15:07:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Było Sobie Życie.lnk
[2012/10/14 13:50:50 | 000,000,093 | ---- | C] () -- C:\Users\mirra\AppData\Local\fusioncache.dat
[2012/10/14 13:45:52 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/08/29 08:02:10 | 000,755,027 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/08/29 08:02:10 | 000,159,839 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/08/29 08:02:09 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2012/08/29 08:02:07 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/03/27 23:02:48 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/03/15 23:43:46 | 000,001,670 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/02/02 12:35:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/26 23:23:20 | 000,026,624 | ---- | C] () -- C:\Users\mirra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:52:49 | 001,605,848 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/20 22:11:44 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/09/20 22:11:16 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/09/20 07:23:44 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/20 06:53:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/20 06:39:52 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/09/20 06:09:52 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
[2011/03/21 11:56:22 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/02/10 05:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Gadu-Gadu = "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray [sms-express.com]
SandboxieControl = "C:\Program Files\Sandboxie\SbieCtrl.exe" [SANDBOXIE L.T.D]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
AtherosBtStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Atheros Communications]
AthBtTray = "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
QuickTime Task = "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [Apple Computer, Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
Ad-Aware Browsing Protection = "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [Lavasoft]
Ad-Aware Antivirus = "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [Lavasoft Limited]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
				 \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
  -> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA609D72-8482-4076-8991-8CDAE5B93BCB}\(Default) = Samsung BHO Helper
  -> {HKLM…Wow…CLSID} = Samsung BHO Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
					 \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
  -> {HKLM…CLSID} = Google Drive Shell extension
				 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM…CLSID} = DisplayCplExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
  -> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
  -> {HKLM…CLSID} = ContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
  -> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
				 \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{E99987AC-6311-4686-B095-EB30B69F9258} = Samsung AnyWeb Print Clipbook - shell extension module of desk band
  -> {HKLM…Wow…CLSID} = Samsung AnyWeb Print
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
  -> {HKLM…CLSID} = WLIDCredentialProvider
				 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
  -> {HKLM…CLSID} = AppShellPage Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
AdAwareContextMenu64\(Default) = {E110352D-007C-444F-851E-97EC0F161C99}
  -> {HKLM…CLSID} = AdAwareContextMenu Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll [Lavasoft Limited]
FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
  -> {HKLM…CLSID} = FTShellContext Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
  -> {HKLM…CLSID} = Ath_CopyHook
				 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = (no title provided)
				 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU…CLSID} = DropboxExt
				 \InProcServer32\(Default) = C:\Users\mirra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM…CLSID} = SimpleShlExt Class
				 \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

Default executables:
--------------------
HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
HKLM\SOFTWARE\Classes\.exe\shell\open\command\(Default) = (value not set)

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\mirra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd [mpc-hc@Sourceforge]
MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd [mpc-hc@Sourceforge]
MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]
MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 [mpc-hc@Sourceforge]
MShowDVFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video dv
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
MShowPictureFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = Picture
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" photo import "%L" [CyberLink Corp.]
MShowVideoFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = VideoFiles
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video import "%L" [CyberLink Corp.]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
				 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe"  "%L" [CyberLink Corp.]
P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe"  "%L" [CyberLink Corp.]
PDirDVArrival\
Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
				 \LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
PDVD10PlayCDAudioOnArrival\
Provider = PowerDVD 10
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
PDVD10PlayDVDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
PDVD10PlayEnhancedDVDOnArrival\
Provider = PowerDVD 10
InvokeProgID = EnDVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
PDVD10PlaySVCDOnArrival\
Provider = PowerDVD 10
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
PDVD10PlayVCDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]
Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]
Power2GoPlayCDAudioOnArrival\
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]
PStarterBlankCDArrival\
Provider = Media Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
PStarterDVDBurningOnArrival\
Provider = Media Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
PStarterMixedCDArrival\
Provider = Media Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
PStarterMusicFilesArrival\
Provider = Media Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
PStarterPicturesArrival\
Provider = Media Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
PStarterVideoFilesArrival\
Provider = Media Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"  "%L" [CyberLink Corp.]
WIA_WPDArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe photo import wpd %1 %2;
  -> {HKLM…CLSID} = WPDShextAutoplay
				 \LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]

Non-disabled Scheduled Tasks:
-----------------------------
C:\Users\mirra\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
C:\Windows\System32\Tasks
Ad-Aware Antivirus Scheduled Scan ->  launches: C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe --scan=full [Lavasoft Limited]
Adobe Flash Player Updater ->  launches: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
advSRS5 ->  launches: "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe" [SEC]
EasyBatteryManager -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe" [SAMSUNG Electronics co., LTD.]
EasyDisplayMgr -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe" [Samsung Electronics Co., Ltd.]
EasyPartitionManager -> (HIDDEN!) launches: C:\Windows\MSetup\BA46-12225A02\EPM.exe [file not found]
EcoMode ->  launches: "C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe" [Samsung Electronics]
Express Files Updater ->  launches: C:\Program Files (x86)\ExpressFiles\EFupdater.exe [file not found]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [CyberLink]
MovieColorEnhancer -> (HIDDEN!) launches: "C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe" [Samsung Electronics Co., Ltd.]
ProgramUpdateCheck ->  launches: C:\Program Files (x86)\File Type Assistant\TSAssist.exe /chkupd [Trusted Software ApS]
SamsungSupportCenter -> (HIDDEN!) launches: %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe [SAMSUNG Electronics]
SCCSpeedBoot -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SCCSpeedBoot.exe" /s [Samsung Electronics Co., Ltd.]
SmartSetting -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\SmartSetting.exe" [Samsung Electronics Co., Ltd.]
SUPBackground -> (HIDDEN!) launches: "%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe" [Samsung Electronics]
SvcDelay -> (HIDDEN!) launches: %windir%\temp\SvcDelay.exe [file not found]
WifiManager -> (HIDDEN!) launches: "%programfiles(x86)%\Samsung\Samsung Control Center\WifiManager.exe" hide [Samsung Electronics Co., Ltd.]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
				 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
					 \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
				 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
					 \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
				 \InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup ->  launches: C:\windows\System32\lpksetup.exe -v [MS]
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder ->  launches: C:\windows\System32\mcbuilder.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
				 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
					 \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
				 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
					 \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
				 \InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
				 \InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
				 \InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
				 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
					 \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
				 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
					 \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
				 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
					 \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-564767970-4186023011-380315173-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E99987AC-6311-4686-B095-EB30B69F9258}\(Default) = Samsung AnyWeb Print
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{328ECD19-C167-40EB-A0C7-16FE7634105E}\
ButtonText = Samsung AnyWeb Print
CLSIDExtension = {94BB0C4C-B957-479A-85E4-42F53B89F681}
  -> {HKLM…Wow…CLSID} = W2PButton Class
					 \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
  -> {HKLM…Wow…CLSID} = CIESpeechBHO Class
					 \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ad-Aware, SBAMSvc, "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [GFI Software]
Ad-Aware Service, Ad-Aware Service, "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [Lavasoft Limited]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [empty string]
Sandboxie Service, SbieSvc, "C:\Program Files\Sandboxie\SbieSvc.exe" [SANDBOXIE L.T.D]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> Ad-Aware Service, Ad-Aware Service
<<!>> MSIServer, Service
<<!>> SBAMSvc, Service

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PDF Maker Port\Driver = pdf_localmon.dll [Copyright (c) 2007-2009  Code-Industry Team]
PrimoMon\Driver = Primomonnt.dll [null data]
spd__ Langmon\Driver = spd__l.dll [empty string]

---------- (launch time: 2012-11-05 22:29:21)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 59 seconds, including 11 seconds for message boxes)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-05 23:57:27
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1df78					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e156					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15c					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15e					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1b6					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e214					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593214					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593a15					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710724e2					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2					 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87		 0x50 0x75 0xE7 0x07 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1df78 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e156 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15c (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15e (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1b6 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e214 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593214 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593a15 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710724e2 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2 (not active ControlSet) 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87			 0x50 0x75 0xE7 0x07 ...
---- Files - GMER 1.0.15 ----
File  C:\Users\mirra\AppData\Local\Mozilla\Firefox\Profiles\agofqqgr.default\Cache\A\AC\EF3DBd01	   23568 bytes
---- EOF - GMER 1.0.15 ----

W temacie: Logi - Kontrolne sprawdzenie

05 11 2012 - 18:59

Faktycznie źle się wyraziłem. Kasperskiego zainstalowałem i proces skanowania też się zrobił. Natomiast chodzi mi o to, że po wywaleniu przez Kasperskiego raportu z lukami w systemie udało mi się część z nich poprawić ale część nie wiem jak zrobić i są to poniższe punkty:

Information about applications and operating system components in which vulnerabilities have been detected.

C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\windows\SysWOW64\msxml4.dll

oraz
Information about vulnerabilities associated with the settings of installed applications and the operating system.


Te antywiry i spyboota zainstalowałem wg porady z podstrony tego forum Bezpieczeństwo (wirusy i trojany) - Forum Komputerowe Tweaks.pl

Czyli zostawić powiedzmy Sandboxie i Ad-aware i wrzucić nowe logi?

  1. Forum Komputerowe Tweaks.pl
  2. Przeglądanie profilu: Posty: boruurob
  3. Polityka prywatności
  4. Szukaj
  5. Regulamin Forum ·