
As the subject says, I seem to have picked up some ...
OTL
OTL logfile created on: 2014-03-06 22:19:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Instalki\Kaspersky Internet Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
7,99 Gb Total Physical Memory | 5,34 Gb Available Physical Memory | 66,86% Memory free
15,98 Gb Paging File | 12,91 Gb Available in Paging File | 80,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 28,00 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive D: | 150,26 Gb Total Space | 111,40 Gb Free Space | 74,14% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 70,27 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 117,67 Gb Free Space | 50,53% Space Free | Partition Type: NTFS
Drive G: | 390,62 Gb Total Space | 92,13 Gb Free Space | 23,58% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 23,08 Gb Free Space | 11,82% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 113,05 Gb Free Space | 57,88% Space Free | Partition Type: NTFS
Computer Name: BLODYTRAVELER | User Name: Traveler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-03-04 17:18:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Instalki\Kaspersky Internet Security\OTL.exe
PRC - [2014-02-18 21:03:01 | 000,996,544 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014-02-18 20:28:49 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014-02-18 06:14:46 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr_im.exe
PRC - [2014-02-18 06:14:44 | 000,067,136 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr.exe
PRC - [2014-02-15 08:34:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-01-30 19:53:33 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-11-17 20:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013-11-15 09:56:36 | 004,881,624 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire2\Xfire.exe
PRC - [2013-10-11 13:25:30 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013-09-30 07:02:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-09-15 13:12:54 | 000,535,752 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AdMunch.exe
PRC - [2013-02-01 14:50:22 | 001,641,368 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2013-01-23 07:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012-12-18 20:08:44 | 003,478,752 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2011-09-15 05:19:54 | 000,086,016 | ---- | M] () -- D:\Autodesk 3DS Max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2011-07-28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files (x86)\netcut\services\AIPS.exe
PRC - [2011-05-20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-03-02 10:27:42 | 000,525,944 | ---- | M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll
MOD - [2014-02-15 08:34:29 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-02-12 20:16:16 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014-02-12 20:15:27 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014-02-12 20:15:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014-02-12 20:14:52 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014-02-12 20:14:50 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014-02-12 20:14:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014-02-12 19:23:34 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014-02-12 19:23:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014-02-12 19:23:22 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014-02-12 19:23:17 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014-02-12 19:23:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014-02-12 19:23:16 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014-02-12 19:23:15 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014-02-12 19:23:14 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014-02-12 19:23:13 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014-02-12 19:23:13 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014-02-12 19:23:12 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014-02-12 19:23:11 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014-02-12 19:23:10 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014-02-12 19:23:10 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014-02-12 19:23:09 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014-02-12 19:23:04 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013-11-21 01:05:26 | 000,256,000 | ---- | M] () -- C:\PROGRA~2\Raptr\amd_ags.dll
MOD - [2013-06-17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2013-05-10 00:52:58 | 001,183,699 | ---- | M] () -- C:\PROGRA~2\Raptr\liboscar.dll
MOD - [2013-05-10 00:52:58 | 000,483,306 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libicq.dll
MOD - [2013-05-10 00:52:56 | 000,495,680 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libaim.dll
MOD - [2013-05-03 19:57:16 | 001,640,221 | ---- | M] () -- C:\PROGRA~2\Raptr\libjabber.dll
MOD - [2013-05-03 19:57:14 | 001,053,730 | ---- | M] () -- C:\PROGRA~2\Raptr\libymsg.dll
MOD - [2013-05-03 19:57:06 | 000,655,356 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libirc.dll
MOD - [2013-05-03 19:57:04 | 000,603,326 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl-nss.dll
MOD - [2013-05-03 19:57:02 | 000,474,199 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl.dll
MOD - [2013-05-03 19:57:00 | 000,497,782 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoojp.dll
MOD - [2013-05-03 19:56:50 | 001,306,387 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libmsn.dll
MOD - [2013-05-03 19:56:46 | 000,565,461 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libxmpp.dll
MOD - [2013-05-03 19:56:44 | 000,506,276 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoo.dll
MOD - [2013-01-23 07:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013-01-16 17:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013-01-16 17:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013-01-16 17:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013-01-16 17:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013-01-16 17:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012-10-27 08:53:18 | 002,717,595 | ---- | M] () -- C:\PROGRA~2\Raptr\heliotrope._purple.pyd
MOD - [2012-09-23 20:44:24 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\pl_pl\acrotray.pol
MOD - [2012-06-22 22:59:52 | 000,313,856 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012-06-22 22:55:58 | 000,494,592 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012-06-22 22:53:22 | 005,812,736 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtGui.pyd
MOD - [2012-06-22 22:39:06 | 001,662,464 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtCore.pyd
MOD - [2012-06-22 22:24:28 | 000,067,584 | ---- | M] () -- C:\PROGRA~2\Raptr\sip.pyd
MOD - [2012-02-06 21:28:48 | 000,011,264 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Util._counter.pyd
MOD - [2012-02-06 21:28:42 | 000,031,744 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012-02-06 21:28:34 | 000,010,752 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011-05-10 20:01:42 | 000,030,208 | ---- | M] () -- C:\PROGRA~2\Raptr\simplejson._speedups.pyd
MOD - [2011-04-30 20:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2011-02-15 19:17:28 | 001,213,633 | ---- | M] () -- C:\PROGRA~2\Raptr\libxml2-2.dll
MOD - [2011-02-15 19:17:28 | 000,417,501 | ---- | M] () -- C:\PROGRA~2\Raptr\sqlite3.dll
MOD - [2010-11-23 00:06:22 | 000,055,808 | ---- | M] () -- C:\PROGRA~2\Raptr\zlib1.dll
MOD - [2010-11-22 23:57:34 | 000,167,936 | ---- | M] () -- C:\PROGRA~2\Raptr\win32gui.pyd
MOD - [2010-11-22 23:57:34 | 000,111,104 | ---- | M] () -- C:\PROGRA~2\Raptr\win32file.pyd
MOD - [2010-11-22 23:57:34 | 000,096,256 | ---- | M] () -- C:\PROGRA~2\Raptr\win32api.pyd
MOD - [2010-11-22 23:57:34 | 000,036,352 | ---- | M] () -- C:\PROGRA~2\Raptr\win32process.pyd
MOD - [2010-11-22 23:57:34 | 000,016,384 | ---- | M] () -- C:\PROGRA~2\Raptr\win32trace.pyd
MOD - [2010-11-22 23:57:18 | 000,141,312 | ---- | M] () -- C:\PROGRA~2\Raptr\gobject._gobject.pyd
MOD - [2010-11-22 23:57:06 | 000,263,168 | ---- | M] () -- C:\PROGRA~2\Raptr\win32com.shell.shell.pyd
MOD - [2010-11-22 23:56:56 | 000,354,304 | ---- | M] () -- C:\PROGRA~2\Raptr\pythoncom26.dll
MOD - [2010-11-22 23:56:56 | 000,110,592 | ---- | M] () -- C:\PROGRA~2\Raptr\pywintypes26.dll
MOD - [2010-11-22 23:56:26 | 000,324,608 | ---- | M] () -- C:\PROGRA~2\Raptr\PIL._imaging.pyd
MOD - [2010-11-22 23:56:02 | 000,805,376 | ---- | M] () -- C:\PROGRA~2\Raptr\_ssl.pyd
MOD - [2010-11-22 23:56:02 | 000,583,680 | ---- | M] () -- C:\PROGRA~2\Raptr\unicodedata.pyd
MOD - [2010-11-22 23:56:02 | 000,356,864 | ---- | M] () -- C:\PROGRA~2\Raptr\_hashlib.pyd
MOD - [2010-11-22 23:56:02 | 000,127,488 | ---- | M] () -- C:\PROGRA~2\Raptr\pyexpat.pyd
MOD - [2010-11-22 23:56:02 | 000,124,928 | ---- | M] () -- C:\PROGRA~2\Raptr\_elementtree.pyd
MOD - [2010-11-22 23:56:02 | 000,087,040 | ---- | M] () -- C:\PROGRA~2\Raptr\_ctypes.pyd
MOD - [2010-11-22 23:56:02 | 000,044,544 | ---- | M] () -- C:\PROGRA~2\Raptr\_sqlite3.pyd
MOD - [2010-11-22 23:56:02 | 000,043,008 | ---- | M] () -- C:\PROGRA~2\Raptr\_socket.pyd
MOD - [2010-11-22 23:56:02 | 000,010,240 | ---- | M] () -- C:\PROGRA~2\Raptr\select.pyd
MOD - [2010-11-22 23:56:02 | 000,009,216 | ---- | M] () -- C:\PROGRA~2\Raptr\winsound.pyd
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2014-03-02 10:27:50 | 002,541,688 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
SRV:[b]64bit:[/b] - [2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014-01-03 08:36:38 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:[b]64bit:[/b] - [2013-12-06 21:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010-08-30 14:10:08 | 001,743,872 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:[b]64bit:[/b] - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-02-21 17:59:01 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-02-21 14:54:16 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-02-21 14:54:14 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-02-15 08:34:29 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-12-19 23:50:00 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-10-11 13:25:30 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013-10-04 13:10:12 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2013-09-30 07:02:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-02-28 18:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-18 20:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-09-04 10:14:23 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011-09-15 05:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Autodesk 3DS Max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011-07-28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files (x86)\netcut\services\AIPS.exe -- (AIPS)
SRV - [2011-05-20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2014-03-02 10:27:50 | 000,041,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys -- (SBUpdd)
DRV:[b]64bit:[/b] - [2014-02-21 14:55:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2014-02-18 21:04:30 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2014-02-18 21:04:30 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2014-02-18 21:04:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2013-12-19 08:43:49 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2013-12-18 17:16:44 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2013-12-06 22:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-12-06 21:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-12-01 15:02:16 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2013-11-15 07:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:[b]64bit:[/b] - [2013-11-15 07:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:[b]64bit:[/b] - [2013-10-11 13:25:26 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2013-10-11 13:25:26 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2013-10-02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013-09-24 15:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013-09-14 19:48:41 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2013-05-14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2013-04-30 10:55:32 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:[b]64bit:[/b] - [2013-04-30 10:55:32 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:[b]64bit:[/b] - [2013-04-12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2013-01-17 20:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2012-09-20 13:45:56 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:[b]64bit:[/b] - [2012-09-20 13:45:56 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:[b]64bit:[/b] - [2012-09-20 13:45:28 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0CD7.sys -- (SaiK0CD7)
DRV:[b]64bit:[/b] - [2012-09-20 13:45:22 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK1708.sys -- (SaiK1708)
DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012-09-20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012-08-24 18:53:29 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-03-08 08:53:14 | 000,022,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-02 11:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2011-10-08 02:14:20 | 000,027,608 | ---- | M] (XBCD Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xbcd.sys -- (XBCD)
DRV:[b]64bit:[/b] - [2011-09-29 10:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011-09-16 08:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:[b]64bit:[/b] - [2011-09-16 08:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:[b]64bit:[/b] - [2011-06-15 14:11:20 | 000,057,960 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:[b]64bit:[/b] - [2011-06-15 14:11:20 | 000,057,960 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:[b]64bit:[/b] - [2011-06-15 14:11:20 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:[b]64bit:[/b] - [2011-05-20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-02-09 17:45:12 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys -- (bulkadi)
DRV:[b]64bit:[/b] - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2010-08-30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:[b]64bit:[/b] - [2010-08-30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:[b]64bit:[/b] - [2010-08-30 14:38:36 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:[b]64bit:[/b] - [2010-06-25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:[b]64bit:[/b] - [2009-12-30 10:21:04 | 000,030,776 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009-11-24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009-11-24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009-07-16 10:20:26 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-07-24 19:02:14 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013-05-31 16:12:51 | 000,031,136 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2013-03-14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2013-02-05 09:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013-01-23 07:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012-08-01 14:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2011-06-02 09:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999-09-10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://go.speedbit.com/search.aspx?s=E21b&q="
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Traveler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-24 16:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-06-17 13:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2013-09-15 13:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-18 21:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-18 21:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-18 21:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-18 21:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-18 21:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014-02-05 18:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014-02-05 18:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2013-09-15 13:11:04 | 000,000,000 | ---D | M]
[2013-04-17 06:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Traveler\AppData\Roaming\mozilla\Extensions
[2013-04-17 06:43:32 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Traveler\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
[2014-02-15 08:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-02-15 08:34:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4816_0\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Traveler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
O1 HOSTS File: ([2014-03-04 17:33:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found
O4 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000..\Run: [Spotify Web Helper] C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000..\Run: [uTorrent] C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Traveler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2294864315-1545841318-3897952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_frame File not found
O8:[b]64bit:[/b] - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_image File not found
O8:[b]64bit:[/b] - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_link File not found
O8:[b]64bit:[/b] - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_exclude File not found
O8:[b]64bit:[/b] - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_report File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_frame File not found
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_image File not found
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_link File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_exclude File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_report File not found
O9:[b]64bit:[/b] - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} https://dokumax.max-boegl.de/content/static/ecm/activex/Enable_Edit_In_Place.cab (InPEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F7064A7-26C8-4F79-8950-B1A240BCFA44}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D395B88C-BE42-4389-B68D-0FB8DAD83354}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-01-14 18:59:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014-03-06 21:21:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-03-06 22:09:52 | 000,097,788 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O32 - AutoRun File - [2014-01-03 08:44:12 | 000,000,000 | ---D | M] - D:\Autodesk 3DS Max -- [ NTFS ]
O32 - AutoRun File - [2014-01-03 15:59:05 | 000,000,000 | ---D | M] - D:\Autodesk Dokumenty -- [ NTFS ]
O32 - AutoRun File - [2014-01-03 08:45:08 | 000,000,000 | ---D | M] - D:\Autodesk Mudbox -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-03-06 22:08:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-03-06 22:08:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014-03-06 22:03:38 | 005,187,080 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2014-03-06 21:54:46 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-03-06 21:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-03-06 21:54:10 | 000,092,376 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-03-06 21:54:10 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-03-06 21:54:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-03-06 21:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014-03-06 21:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-03-06 21:29:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-03-06 21:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014-03-05 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Local\Adobe
[2014-03-04 20:29:28 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014-03-04 20:29:28 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014-03-04 17:47:30 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Local\GHISLER
[2014-03-04 17:27:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014-03-04 17:27:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014-03-04 17:27:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014-03-04 17:27:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014-03-04 17:27:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014-03-01 07:59:27 | 000,000,000 | ---D | C] -- C:\Users\Traveler\Documents\Thief
[2014-02-23 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Roaming\com.efile.epity2013
[2014-02-23 17:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity
[2014-02-23 17:17:30 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Roaming\fillUp
[2014-02-23 17:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\e-file
[2014-02-18 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Traveler\Documents\Respawn
[2014-02-15 13:39:04 | 000,000,000 | ---D | C] -- C:\Users\Traveler\Documents\Niestandardowe szablony pakietu Office
[2014-02-15 08:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-02-14 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Local\Apple Computer
[2014-02-12 19:20:04 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014-02-12 19:19:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-12 19:19:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-12 19:19:41 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-12 19:19:41 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-12 19:19:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-12 19:19:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-12 19:19:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-12 19:19:40 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-12 19:19:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-12 19:19:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-12 19:19:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-12 19:19:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-12 19:19:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-12 19:19:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-12 19:19:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-12 19:19:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-12 19:19:39 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-12 19:19:39 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-12 19:19:39 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014-02-12 19:19:39 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-12 19:19:38 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-12 19:19:38 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-12 19:19:36 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-12 19:18:25 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014-02-12 19:18:25 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014-02-12 19:18:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014-02-12 19:18:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014-02-12 19:18:25 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014-02-12 19:18:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014-02-12 19:18:25 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014-02-12 19:18:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014-02-12 19:18:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014-02-12 19:18:25 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014-02-12 19:18:25 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014-02-12 19:18:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014-02-12 19:18:25 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014-02-12 19:18:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014-02-12 19:18:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014-02-12 19:18:25 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014-02-12 19:18:25 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014-02-12 19:18:20 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014-02-12 19:18:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014-02-12 19:18:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014-02-12 19:18:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014-02-11 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Local\LooksBuilder
[2014-02-11 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\Traveler\AppData\Roaming\Red Giant Link
[2014-02-11 21:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
[2014-02-11 21:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks
[2014-02-11 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder
[2014-02-11 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Giant Link
[2014-02-11 21:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RedGiant
[2014-02-10 21:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014-02-10 21:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014-02-10 21:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014-02-10 21:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014-02-10 21:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014-02-10 21:13:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014-02-10 21:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014-02-10 21:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2014-02-10 21:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014-02-10 21:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014-02-10 21:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014-02-10 21:12:11 | 000,000,000 | R--D | C] -- C:\MSOCache
[2014-02-05 18:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-03-06 22:16:37 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-03-06 22:16:37 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-03-06 22:15:46 | 001,670,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-03-06 22:15:46 | 000,741,988 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-03-06 22:15:46 | 000,654,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-03-06 22:15:46 | 000,156,632 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-03-06 22:15:46 | 000,122,684 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-03-06 22:09:50 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-03-06 22:09:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-03-06 22:09:23 | 2140,790,783 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-06 21:58:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-03-06 21:54:11 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-06 21:21:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014-03-04 17:33:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014-03-04 17:23:23 | 005,187,080 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2014-02-26 21:59:31 | 000,007,601 | ---- | M] () -- C:\Users\Traveler\AppData\Local\Resmon.ResmonCfg
[2014-02-25 18:29:14 | 000,006,164 | ---- | M] () -- C:\Users\Traveler\AppData\Local\recently-used.xbel
[2014-02-21 17:59:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-02-21 17:59:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-02-21 14:55:56 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-02-21 14:55:44 | 000,092,376 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-02-21 14:55:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-02-18 21:04:30 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-02-18 21:04:30 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2014-02-18 21:04:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-02-18 20:28:49 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014-02-17 17:57:28 | 015,464,789 | ---- | M] () -- C:\Users\Traveler\Desktop\Diablo III Caramelldansen.mp4
[2014-02-16 17:54:59 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014-02-16 17:54:59 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014-02-16 17:47:06 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014-02-13 21:40:49 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-02-13 21:40:49 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-02-12 19:21:13 | 001,645,586 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-02-11 20:34:38 | 000,022,528 | ---- | M] () -- C:\Users\Traveler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-02-11 15:33:12 | 005,018,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-02-09 10:29:19 | 000,124,074 | ---- | M] () -- C:\Users\Traveler\Documents\cc_20140209_102907.reg
[2014-02-06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014-02-06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-02-06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014-02-06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-02-06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014-02-06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014-02-06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014-02-06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-02-06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-02-06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-02-06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-02-06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014-02-06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-02-06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-02-06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-02-06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014-02-06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014-02-06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014-02-06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-02-06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-02-06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014-02-06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-03-06 21:54:11 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-06 21:21:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014-03-04 17:27:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014-03-04 17:27:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014-03-04 17:27:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014-03-04 17:27:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014-03-04 17:27:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014-02-25 18:29:14 | 000,006,164 | ---- | C] () -- C:\Users\Traveler\AppData\Local\recently-used.xbel
[2014-02-23 17:17:33 | 000,001,177 | ---- | C] () -- C:\Users\Traveler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity 2013 - program, pity roczne, e-deklaracje.lnk
[2014-02-18 20:28:49 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014-02-17 17:56:44 | 015,464,789 | ---- | C] () -- C:\Users\Traveler\Desktop\Diablo III Caramelldansen.mp4
[2014-02-09 10:29:16 | 000,124,074 | ---- | C] () -- C:\Users\Traveler\Documents\cc_20140209_102907.reg
[2014-01-18 09:46:26 | 000,000,037 | ---- | C] () -- C:\Users\Traveler\.gtk-bookmarks
[2014-01-03 11:21:54 | 000,000,132 | ---- | C] () -- C:\Users\Traveler\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2013-12-06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013-11-08 23:38:38 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\clinfo.exe
[2013-10-10 17:52:32 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013-10-08 13:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013-10-08 13:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013-09-01 11:02:17 | 000,000,145 | ---- | C] () -- C:\Users\Traveler\.gxiso
[2013-08-07 18:11:28 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-08-07 18:11:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-07-24 16:47:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013-07-08 08:18:34 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013-04-27 08:39:06 | 000,001,855 | ---- | C] () -- C:\Users\Traveler\.swfinfo
[2013-04-03 06:46:02 | 000,011,761 | ---- | C] () -- C:\Users\Traveler\AppData\Local\unins000.msg
[2013-04-03 06:46:02 | 000,002,445 | ---- | C] () -- C:\Users\Traveler\AppData\Local\unins000.dat
[2013-03-29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-03-29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-03-02 11:15:29 | 000,000,000 | ---- | C] () -- C:\Users\Traveler\necflash
[2013-02-19 18:59:58 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013-02-19 18:59:58 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013-02-16 12:45:54 | 001,065,984 | ---- | C] () -- C:\Users\Traveler\AppData\Local\file__0.localstorage
[2013-02-06 20:11:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-02-06 20:11:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013-02-06 20:11:49 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013-02-06 20:11:48 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013-02-01 19:54:59 | 000,000,132 | ---- | C] () -- C:\Users\Traveler\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-12-28 22:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012-12-18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-12-18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-12-18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-12-18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-12-18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-11-21 14:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-11-14 10:03:01 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012-11-11 15:41:08 | 000,007,601 | ---- | C] () -- C:\Users\Traveler\AppData\Local\Resmon.ResmonCfg
[2012-11-05 15:02:08 | 000,260,580 | ---- | C] () -- C:\Windows\SysWow64\temp.bin
[2012-11-04 18:43:29 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32_2.47(dobreprogramy.pl).INI
[2012-09-30 18:59:26 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012-09-30 18:59:26 | 000,001,902 | ---- | C] () -- C:\Windows\unins001.dat
[2012-09-30 15:04:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012-09-30 12:44:04 | 001,174,979 | ---- | C] () -- C:\Windows\unins000.exe
[2012-09-30 12:44:04 | 000,001,257 | ---- | C] () -- C:\Windows\unins000.dat
[2012-09-28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012-09-13 14:18:48 | 000,022,528 | ---- | C] () -- C:\Users\Traveler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-09-04 10:15:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-09-03 14:40:07 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-08-24 16:02:54 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-08-24 15:34:16 | 001,645,586 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-08-23 21:36:42 | 000,017,408 | ---- | C] () -- C:\Users\Traveler\AppData\Local\WebpageIcons.db
[2012-08-23 21:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-08-21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-08-21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-08-21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2014-01-03 08:50:19 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Autodesk
[2013-05-14 13:52:06 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\AVI ReComp
[2013-10-27 07:35:56 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Battle.net
[2014-01-02 17:55:46 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Blender Foundation
[2013-02-04 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012-12-20 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2014-02-23 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\com.efile.epity2013
[2013-09-14 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\DesktopIconGoodgame
[2013-06-26 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Downloaded Installations
[2012-09-26 06:17:55 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\e-academy Inc
[2013-04-03 06:50:08 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\efile.epity2012
[2014-02-23 17:17:30 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\fillUp
[2014-02-18 20:34:23 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\GG
[2013-11-01 07:49:48 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\GHISLER
[2013-11-17 18:24:55 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Guild Wars 2
[2013-05-19 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\IVONA 2 Voice
[2013-07-30 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\IVONA Reader
[2013-08-04 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Leadertech
[2013-10-13 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\library_dir
[2013-12-10 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Litecoin
[2013-10-20 15:50:25 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\livestreamer
[2012-11-07 09:28:54 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\LolClient
[2012-09-10 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\NapiProjekt
[2012-10-01 12:01:09 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Notepad++
[2013-09-01 09:11:45 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\OBS
[2013-08-15 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\OnLive App
[2013-10-29 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Origin
[2012-09-30 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\PACE Anti-Piracy
[2013-06-26 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\PingPlotter
[2013-05-15 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Process Hacker 2
[2013-02-06 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Publish Providers
[2013-06-16 06:37:16 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Rainmeter
[2014-03-06 22:09:56 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Raptr
[2014-02-11 21:04:27 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Red Giant Link
[2013-02-19 18:37:26 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Samsung
[2012-12-20 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\SolidDocuments
[2013-02-08 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Sony
[2013-02-06 17:51:39 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Sony Creative Software Inc
[2012-09-30 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\SplitMediaLabs
[2014-03-01 19:44:56 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Spotify
[2012-08-24 15:26:51 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Thunderbird
[2013-08-22 16:18:32 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Trine2
[2014-03-05 20:02:06 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\TS3Client
[2012-10-06 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\ts3overlay
[2013-07-11 12:09:33 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Unity
[2014-03-06 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\uTorrent
[2014-02-02 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\Vulcan
[2013-02-01 08:55:14 | 000,000,000 | -HSD | M] -- C:\Users\Traveler\AppData\Roaming\wyUpdate AU
[2014-02-03 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\XBMC
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1324 bytes -> C:\Program Files\Common Files\System:Ird6t7yar5Br8KeIkiwcFKbDn
@Alternate Data Stream - 1301 bytes -> C:\ProgramData\Microsoft:EHT8eZRMBOHfcPGFDsHqN4JWyRdLe
@Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:2P5XMzuDsKGYgzlw7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:rHWIFO7Sz2TVLTQCHn
< End of report >
OTL Extras
OTL Extras logfile created on: 2014-03-06 22:19:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Instalki\Kaspersky Internet Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
7,99 Gb Total Physical Memory | 5,34 Gb Available Physical Memory | 66,86% Memory free
15,98 Gb Paging File | 12,91 Gb Available in Paging File | 80,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 28,00 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
Drive D: | 150,26 Gb Total Space | 111,40 Gb Free Space | 74,14% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 70,27 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 117,67 Gb Free Space | 50,53% Space Free | Partition Type: NTFS
Drive G: | 390,62 Gb Total Space | 92,13 Gb Free Space | 23,58% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 23,08 Gb Free Space | 11,82% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 113,05 Gb Free Space | 57,88% Space Free | Partition Type: NTFS
Computer Name: BLODYTRAVELER | User Name: Traveler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2294864315-1545841318-3897952-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [ZXBTools] -- "I:\Dokumenty\Lukasz\XBOX\XBOX\Programy PC\ZXBTools_1.6a\ZXBTools_1.6a\ZXBTools.exe" -c "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [ZXBTools] -- "I:\Dokumenty\Lukasz\XBOX\XBOX\Programy PC\ZXBTools_1.6a\ZXBTools_1.6a\ZXBTools.exe" -c "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01452DAE-8962-4658-BBE4-99E8D237FA52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{12A6BF51-1E4F-4CEA-9748-7DC08B6D4AE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A85F331-2A6E-4176-A72C-F813AE0A2EB9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1CB437CF-E479-4504-819A-4E23A9A9B324}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2225DC95-737E-4488-9E90-50E60318A904}" = rport=445 | protocol=6 | dir=out | app=system |
"{2998F21D-768B-4993-A982-D631F1F7FC71}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2B7E2206-5909-4D01-B7DC-F3E524F0FBE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{40C3B988-F4C4-4DE0-9D35-BD2DEB565E03}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D080D06-C5EC-4406-B51B-E86C24C52CAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D717568-A45B-4CCE-8590-13E7733EBA57}" = lport=139 | protocol=6 | dir=in | app=system |
"{74A67508-09F1-4A78-B793-C95B00DA57C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81210ECD-31B8-4A65-8CA2-B2CAA1020CC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86215E86-B5EF-47D7-9FDF-94C6CE304783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C89ABBF-03E0-4198-8687-0C38FD8C3DCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{A71FD2DA-870C-412F-A9C3-D1AD4959C2BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD779245-AA4D-4F0C-AC5E-D3E702FBAD70}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2EEED42-722C-4174-89DF-084C43445899}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B81A0BCA-766F-4894-99CF-1F96755066F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA9F3163-4C70-4F48-8502-1A4B5A886021}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C29BBF9C-2BED-42EE-8364-4C57844B93EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C797A11A-7165-4073-9257-EBE1EC721AD6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8FC3958-7EE5-44EF-86E0-5C31FEB19B72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0CEDE3-DE33-45AC-A1D5-C93FCBD1071A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2E4F679-0B28-4195-849D-485E7FAD700D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8667390-8B74-44A1-9454-2A63D62983CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{DA0AB206-0A58-4A92-BE60-C8A5655F2620}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E66494A4-7740-4A77-801B-60EBDC58CC54}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3610ABE-A81F-41D5-8BDB-C089E3078426}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3D669C9-776A-4513-B65C-97FBA09091AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{F6122469-F483-49BD-B5E0-3D5C02A2D462}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE966347-890B-42A9-AB22-EECD7E1F13E5}" = rport=137 | protocol=17 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F8568F-A616-49B6-8382-A5F2502E1674}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\eye\eye.exe |
"{045FB9BF-1058-470C-9D6E-66DD791249A2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{0478195B-47C4-4A20-BF52-199738C134B9}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{04C9CC23-29D9-48F8-BF76-3D311EBB10F4}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\123kickit\123kickit.exe |
"{0520B5E2-B38C-4D81-AE90-B744319DA91D}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{06D0104B-C96B-4E91-9DF3-0C0159EC5334}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\cargo commander\cargocommander.exe |
"{072C8CBD-D74A-4B62-987D-62E2EEFA4F86}" = protocol=17 | dir=in | app=f:\gry\hearthstone\hearthstone.exe |
"{0983B39C-881F-4B52-B6E8-3C83D4E0AB9B}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{09B54D6D-FAFA-4ABF-AF92-D97EEA93FBF8}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{0A381E3F-5DD7-4A85-B38C-9A2ED03AA9CC}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{0AE56429-129C-4DA2-AAC9-382C72B60018}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{0B84CE12-1092-4376-89E8-D8F0D89139A8}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{0BDB6BA2-5429-4632-80C9-C957E1746BC4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{0BE003FB-8FC0-455F-81A9-E9AC3C59EA5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0D81405D-3A51-499F-B062-C8D26BDBE92E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{0DD847CE-5862-4B0D-AF04-AF3608E6D1AF}" = protocol=17 | dir=in | app=c:\users\traveler\appdata\roaming\spotify\spotify.exe |
"{0E2669D2-238C-4416-B2DD-5031FC3534D9}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\metro 2033\metro2033.exe |
"{0F0861EB-5133-40F8-A881-6573E51680F2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0FC70D4C-BE6F-4539-AC21-B1C5F3E9A00F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0FE150B2-0DDE-40ED-B98F-D947320B8C5C}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{12004D6A-0F10-463B-9C0F-515B944D7816}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14EC54A3-CA3C-401A-878F-A1BE8BE46A8F}" = protocol=6 | dir=in | app=d:\autodesk 3ds max\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64server.exe |
"{1627D75E-C4C3-4139-A7FD-478C07833BC9}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{164A89E4-0DEA-44A8-9542-6D7DA78CFC6F}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\portal 2\portal2.exe |
"{16FEC46D-856C-4EF6-9015-39A363549A2B}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{17015459-B1F0-41AC-A2AB-7B348F266544}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{17B45E0D-30E6-47F4-85C9-856D3D2E8B70}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\eye\eye.exe |
"{18D1C334-7AD2-413A-AB54-D6968B41C08F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A6DB263-355B-4066-B3E6-7FC9811FEBCF}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{1AD9C7D8-43A7-4FBD-B84B-CF714084E0C1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{1B8223D3-9EEA-40A7-A591-CF9C7D1EB261}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |
"{1C3B106A-885A-4D1F-B4E9-EDD7E294CA08}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{1C52BC9F-3CCF-45BB-99B4-036C5C253007}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{1C983F4A-61B5-401D-9417-928AF57011B0}" = protocol=17 | dir=in | app=e:\gry\assassin creed 3\ac3mp.exe |
"{1E187CA6-9EBE-4B3A-A348-E50453FCCCB9}" = protocol=6 | dir=out | app=system |
"{1E32632E-4EA7-44B5-84E9-209326706088}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{1E7F77EA-5B37-41BF-812E-110E51648C4C}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1EF92241-8CB2-45B5-B637-64F02DAA8999}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\metro 2033\metro2033.exe |
"{1FC9B45A-4A62-4994-92AB-836FC2E5CFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{1FFC1986-EC53-4E0F-A5E6-4F37249C0645}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{24951873-5C4A-483A-A94D-DA98461BA985}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{24CA3CA7-E786-4414-822A-1ADDA831D111}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{25615032-C4E2-4FA4-A085-4C7E3457B705}" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{25FF407B-D66A-40AD-8EA1-FFD26714B35A}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{27F1AAFF-B374-4C01-8CF9-9B71E54C2C14}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{281917D8-7CAA-4B88-9305-F9ED244F2872}" = protocol=6 | dir=in | app=c:\users\traveler\appdata\roaming\utorrent\utorrent.exe |
"{29129E85-68DF-4F01-BE05-306DFB46060E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\terraria\terraria.exe |
"{291E1EA6-4FAD-4152-AFDF-056A49053B4B}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alan wake\alanwake.exe |
"{2B18C1A6-0FA4-4335-A934-F349AFFA445F}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{2B4EA4F5-C29A-4E91-B388-3F71A590A3C1}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{2BB2A914-E750-478C-BA9E-877AAA92C6F9}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3166D7BE-2D5A-4283-A299-FC1972676D89}" = protocol=17 | dir=in | app=d:\autodesk 3ds max\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64.exe |
"{316A36CA-FF0E-44CB-ADCE-5C006322F518}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{333C5851-B7A1-401E-99AC-35EC532C4739}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{335787E7-02E5-40D4-B7D6-7872DD8E9524}" = protocol=6 | dir=in | app=e:\gry\assassin creed 3\ac3sp.exe |
"{33625709-66B7-4D00-8187-3B95FBF9D62E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\limbo\limbo.exe |
"{343C6AB8-2029-4E8A-ACC0-EA60EA9D0B27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{345F832F-E86E-47C6-8940-A495CF46719F}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{3470914B-2D40-48E2-9F46-B40D7B495254}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{3470A51F-5F7A-489B-97C1-88E3D5807645}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\bit.trip runner\runner.exe |
"{349B9D17-1823-4AE3-80C7-3F206733EF0E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{34A498EE-E87F-4E36-9C22-B80497F0CB65}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{363E1CEF-80D0-489F-B1C2-7D5EA2EBDF85}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{37E141E2-DFF1-434B-A562-2281910F46D1}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{38A1BD74-CC38-4EE0-BF09-B1E8B2D71083}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3A939DA8-70C8-4E9D-8FA3-DF319ADEF2CF}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{3C12B912-5CBA-4E30-9C3C-254CAC33F81C}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\jamestown\jamestown.exe |
"{3C17D66B-43E3-499D-9DA4-8AB825E3E6B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DC14A7F-4648-4543-BAC8-6B726A361798}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{3E4AA096-31B7-4A47-ACBE-20C51A3718CA}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{3F804350-334B-4B86-A877-3EC36E8F4101}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |
"{403ADE2E-1EFA-481B-B49A-A73BA2AFDD88}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{408C01A0-2B7C-478E-9085-3C14357C43F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40A17301-7B4A-44DE-8ACB-C6C6E926A719}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{40B06251-E301-44C3-8C92-872D07C4BF50}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{418D25E5-B806-4A86-8805-0DA1B290D5BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{420920AA-4676-41D1-A250-CB65ED1D9783}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{429FD814-8481-4473-8BF2-11EDCC61FDAB}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{460D91A0-5327-4F00-AA13-7E0327C2C3EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{47EADC57-923C-4D57-9523-7CC7DA9DAEFF}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{4818307A-3D88-4C03-8D65-FB2A789E0B3B}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\123kickit\123kickit.exe |
"{493A8540-2767-46F3-94F1-49907F3DBE0A}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\magicka\magicka.exe |
"{49C373CF-8EBD-4555-ABAB-ADDA5B63E9F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C49AA41-0C0B-456C-BEC1-A9C12D779EAB}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{4C7924D0-2873-43CC-A078-27302FCB2EDD}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\spelunky\spelunky.exe |
"{4C852A63-A19C-4039-96E6-D69578776F57}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{4C856771-1285-4D3B-8CC9-D0D5830DF2B6}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{4D5275D1-D825-40F8-A6E9-8E7E6A2672AA}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{4E3D9BF7-B1EF-4618-A16E-B87AF4B512C0}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{4E5F16DB-3866-4E1A-B9CF-CEE755F77DB4}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{4EF7079F-9C47-4681-B4A8-E1BB5BF0982C}" = protocol=6 | dir=in | app=f:\gry\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{50378406-AD5B-4E15-99F7-B14584F3803B}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{51665BE9-2361-4750-9A29-0BB3CBD5F8E5}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{51CD47F2-7E72-48DF-B631-F1023C686A58}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\blodytraveler\counter-strike\hl.exe |
"{52488645-827D-4757-BFB4-70333498ED47}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{52C45FFF-E18F-419D-A824-F83F7FED67EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{538C9023-4D8D-438B-93B4-4E3BF86482F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55921E84-4CBD-4F8B-A029-732BFF684711}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{55D3D37B-A2F1-46D3-8562-B76215F611C0}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{57C120C2-A368-4A1B-9398-4EE741C31080}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{58164C25-F1C6-48A0-BE82-A648C31624CE}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\magicka\magicka.exe |
"{59FBB9DC-F85A-400D-A328-ECD1DFB385C8}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike source\hl2.exe |
"{5A03E239-DC18-463F-A1A9-BE3D2F8FACE7}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{5A565B4E-6CAF-4FC6-9303-14FE924A96ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5ADD91D6-5044-459F-A95A-BBA2303183F4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{5C08CD0C-AE7B-4C8F-BE8F-F90777584F78}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{5C0E7B11-4893-45EF-896A-2432BE41567D}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{5C3F93DC-2B28-40B8-B1FD-21EC052132A6}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{5C5FEE17-0CC8-436F-BCE3-09D8A514E3B4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\blodytraveler\counter-strike\hl.exe |
"{5C82EF6B-F524-4A97-9094-BC8CA43BDC15}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5CC5E22D-B3CE-4521-91EB-E4DF029106E2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{5D1D3115-9918-4F38-8B11-C7CE6A34DECE}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{5D80DC6A-53D0-4F57-B35C-40D6DC91C685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DBB7A2F-7354-4578-995D-CEC107A3DD01}" = protocol=6 | dir=in | app=h:\gry\steam\steam.exe |
"{5DFD7E4F-A269-42E7-8EA5-124D442675A2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{5E02FC03-2A0D-4B1C-8C89-31CED97F9514}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5E9C6121-0575-4E8E-BF52-ABDB51C8194C}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\bit.trip runner\runner.exe |
"{5F36059C-234D-44AB-9B56-4A925DE261CE}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\torchlight\torchlight.exe |
"{5FA75DC6-B4E4-41DD-9796-C7D0702EDD60}" = protocol=17 | dir=in | app=e:\gry\assassin creed 3\assassinscreed3.exe |
"{603A1ED5-D89D-4395-BC5C-56CE7CE91E92}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{608C50D4-4754-467F-8D72-6A5BF1A4229E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{60AC003B-A914-4CDD-94C7-2CC974DD598F}" = dir=in | name=blokadayt |
"{616A4C91-C05E-439E-83AF-29D64408D469}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{61DD8973-6BF1-49DA-9A1C-9907B5A837C3}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{63309E4B-25AB-4DDF-82E7-3CD016B8FC16}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{63B7B0F9-8B20-4CE4-AD50-8905122C97D2}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{642FA015-4E04-425B-8FAF-FA7938F858EC}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{6650C1CD-A11C-44B5-BBAF-55AAC2109025}" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{66A21912-3D92-428F-AD9D-DA511F0C942E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{696D805B-9F04-48A6-A42D-499063225007}" = protocol=17 | dir=in | app=c:\users\traveler\appdata\roaming\spotify\spotify.exe |
"{6A0A090B-71EE-4D7F-9922-9A7867B912E3}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{6A823895-C700-40D0-9CC3-6BCA7C112CCC}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{6DDC3813-25C4-4276-859F-FE3A2C079085}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\portal 2\portal2.exe |
"{6FB0015A-91E9-4ACA-A415-E897418F1D2B}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{7009B4BC-2ECE-4398-90A9-FBA0C6FF8045}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{7086293E-32BB-431F-B942-6D4D9F0A8AB4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{70F06249-20BC-4009-8361-92268F4EB403}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7263F145-042A-4782-9585-82FD9CF48AB1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7297DE36-D5AA-42EC-993A-407C75158862}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{746B7ECC-E4E4-4332-AE53-DD0E6B0B2EC1}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{75A58CF6-1543-47DD-AA93-A5C932FB0A92}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{75BB251D-4E21-4AC8-94A8-67A11A33306A}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{765C9C4E-D652-4DA3-A632-CFEA4C003DDA}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{76BC80B0-36AF-4FB1-8DCE-6E2D181701A9}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe |
"{76D28052-B920-45F5-AF9C-97EA6D8D7422}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{779AAC6C-5FD3-438A-A6A9-4EC24A482D9B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{78CF1004-1D55-4021-8B59-D4FFF014816C}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{78F018C5-A702-4776-A9AD-70D2C224DA20}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{792EFF80-DEBA-4C96-BD5D-135ADB808ADF}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\terraria\terraria.exe |
"{79AB0FEF-5DAA-4D56-90A1-B4C0A74D00B5}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{7ACA905A-CAE1-46BB-A9E1-48C88B06DFCA}" = protocol=6 | dir=in | app=f:\gry\starcraft ii\starcraft ii.exe |
"{7AD4CF79-B6AF-451D-8742-9590B7C089D0}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{7B7CAE52-EA71-4686-BF61-1970AB246809}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C03B003-06A1-4BD0-9720-C9260A6F30EF}" = protocol=17 | dir=in | app=e:\gry\assassin creed 3\ac3sp.exe |
"{7CA4B678-66D8-4383-AF6F-0EB0C03E4A04}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{7CD45094-40EC-443A-BCF7-2B61DBE08D00}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{7DDF7B02-5B54-491F-BEA4-7E7E2DB428E7}" = protocol=17 | dir=in | app=f:\gry\starcraft ii\starcraft ii public test.exe |
"{7DE7CAF9-6E98-41BF-B8FE-9AE202BA33E0}" = protocol=17 | dir=in | app=h:\gry\steam\steam.exe |
"{80781D1C-76AB-4FC2-A0EE-16E1FB1035F9}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{80AAC189-7E6C-45EA-BB74-13A76FE0879E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81DB63B1-BCEE-4A18-A857-0A4618924E79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{824E7C71-F682-49DF-8063-87C521D71B3D}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{82C03DE8-BE98-4FC9-9503-E15E8A00C412}" = protocol=6 | dir=in | app=d:\autodesk 3ds max\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64.exe |
"{852CA690-E18B-42B1-9C15-B8499AE4997A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{882DA0E0-5620-4A11-903C-7CC5CF1800C0}" = protocol=6 | dir=in | app=e:\gry\assassin creed 3\assassinscreed3.exe |
"{89E91983-8E2E-491E-9E0B-63A14582B354}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{89FCD3C9-1CFE-4A4E-8690-6C0240295443}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe |
"{8A00EA8F-1BAC-4C1A-B9A4-1F0D8E177CF2}" = protocol=17 | dir=in | app=e:\gry\league of legends\league of legends\lol.launcher.exe |
"{8ABF2798-186F-450F-8189-8FCE15C8C172}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8C044C90-96E6-438C-9072-F84D69A76009}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{8D562A75-2BB2-426E-8645-FAA8A10EDA44}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{8D981C38-C423-4B05-93E8-60FD07AD6AAC}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{8DC773C9-16D4-41A8-98E2-25216700A3CE}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{8E536D5A-B6A1-4562-A2A3-30B864F2F1D7}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\blodytraveler\half-life\hl.exe |
"{8F95555D-421F-4D17-9485-60D830CF5040}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{8FA5C8B0-4FCE-480A-9FD6-5B694399A93A}" = protocol=17 | dir=in | app=d:\autodesk 3ds max\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64server.exe |
"{9079FCB4-977D-465B-97F0-A05AB295DA3E}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\half-life 2\hl2.exe |
"{915E6996-9CB1-4AF0-A7B9-E18C3736B255}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{923E88C7-36AF-4685-975E-E935667A35F9}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{94254F85-656D-4764-B926-DE02870340A2}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\123kickit\123kickit.exe |
"{94E47F56-51A3-443F-A73C-93D956D21040}" = protocol=6 | dir=in | app=f:\gry\starcraft ii\starcraft ii public test.exe |
"{9531E10A-480A-4934-ACC4-28350D2D4AA7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{968FF8EF-2466-429D-B776-8C4BA978EE91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98148271-DA36-453B-A4A2-69650E6D2983}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\spelunky\spelunky.exe |
"{996BE42F-AE59-4E57-AC2F-2F61691008DB}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{9B61AF0A-C3C9-414E-AAF4-524464A6FD5D}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{9C082BDE-B111-4C0A-A967-8D13272B5A0A}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{9DB80DD3-090B-409D-99CE-CF305CF0ED9E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{9DC51B62-EC4B-4F9E-BAE4-7BEEF4C08E39}" = protocol=6 | dir=in | app=f:\gry\hearthstone\hearthstone.exe |
"{9E4681E0-4A40-463E-8AB8-88637A9E4DA6}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{9EAFFED8-78A1-4984-BAA2-2C0FA452C667}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\cargo commander\cargocommander.exe |
"{9F1833F4-EB63-43E8-A5C7-955B3155E4B2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{A08D3BDF-0829-40B1-A589-96E971F472C2}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{A0A0F23D-3152-4286-9C07-55E70478CF24}" = protocol=6 | dir=in | app=c:\users\traveler\appdata\roaming\spotify\spotify.exe |
"{A0F17C59-8E44-49F6-9CE1-34013E397DCE}" = protocol=17 | dir=in | app=f:\gry\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{A150406F-64E1-48FA-850C-9F2B825CA09B}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{A2912320-9484-45F8-B876-F3DE9A8FDEDA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{A3845591-D577-44F2-AD6C-10BE605486A5}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\limbo\limbo.exe |
"{A56C7054-541B-4E4C-B773-AC0EB516C786}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{A5F590BD-B945-4F72-8169-4E9A38939473}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{A952D89E-B2B0-496A-822F-E68A565C4FF8}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{AB238C25-B25E-4634-8906-87BE3D247302}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{ABC9C99F-8D02-49E3-9434-41AEEB79332B}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{AD8F130F-F7CE-4DFB-A978-47E77A059348}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{AF8F7BF7-BBD5-4ECF-B163-FC6E840C3BFA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{B06BDB06-ACF0-4BCE-B347-1A2C787F30F1}" = protocol=6 | dir=in | app=e:\gry\battlefield 3\battlefield 3\bf3.exe |
"{B0E0CAB7-9F0D-4854-B33B-02774778FB47}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{B16CBE96-AA09-4A25-920B-1A4F760E47C2}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\blodytraveler\half-life\hl.exe |
"{B2B3610C-9510-41BB-B0EA-75277BFF29CF}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{B32DF6E3-5CB5-4DE8-9DCE-DF7723E7E49B}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{B3A11509-AD05-42BC-92B2-E5CD9B03AADA}" = protocol=17 | dir=in | app=c:\users\traveler\appdata\roaming\utorrent\utorrent.exe |
"{B49D0784-6F29-4914-87FA-A8C92D2D99BE}" = protocol=6 | dir=in | app=e:\gry\assassin creed 3\ac3mp.exe |
"{B5F1F3F9-28FC-43AD-ABB6-8AFC09883B5C}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\jamestown\jamestown.exe |
"{B73E4862-9B65-4F25-97F0-4221854AD019}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{B7C38F55-6C80-46FB-8548-CCA5EC43D979}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{B7FCF97B-574A-41E5-AD9C-2B033D8DED62}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\portal 2\portal2.exe |
"{B9E43DDE-A963-49F9-BD6A-128BC4FCB19C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{BA1C04A5-7D7C-4DA1-99DD-C5F2EC45001B}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{BDA4F192-1BB7-4BA3-9CC6-D2D1F8CAF816}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{C1C6F41A-48BC-49BC-82A2-B83D8E4F9BD0}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{C33A03B7-AD26-4994-8F17-4913DE577C9E}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C47C87F2-8C3F-461B-BB8E-2126D1D80DBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C57F5B5F-7998-4D63-BD8B-C324511D9DA3}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\half-life 2\hl2.exe |
"{C5FA302F-343D-4A7F-AD78-F2B865982653}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\123kickit\123kickit.exe |
"{C620B959-68A0-484F-B449-F1DDE7DB0A37}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{C67CE6E1-28C4-4188-9BB0-79DCB7D91527}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe |
"{C67EA651-CC71-4A75-8864-D4913B354C8C}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\portal 2\portal2.exe |
"{C8F2213A-040C-43C4-A3AE-EA300F73490E}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C974D703-3A14-48F6-B752-66345F1B1764}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\titan attacks\titanattacks.exe |
"{C9E6DC6E-9CBF-420B-B9CE-0C9A57AFFA68}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{CA242323-C45C-409D-8C6D-C856ABCF1663}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{CACE3C89-9824-482C-B58C-421CB46527DC}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{CDDD6A1B-DED2-44A0-A425-03AF93561BF2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CDF5D132-6796-4BA0-80B6-8027E95BAE8A}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{CE128873-0F23-4CF2-9600-9CF7AA725A80}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{CEC8F09C-F7B8-47AA-9B1B-A8BE71F3A675}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{CF167AC0-33D5-4B99-BC3C-FB2854656A5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D02AD5A0-232E-44F5-9EEC-E8333CD57A33}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{D069083D-073D-4FA5-9CA5-2E620F97CB99}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{D4D7A61F-EED3-4FD3-B317-FDACC37C1EF9}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{D6F0E647-3262-4E1A-81F7-879E568441FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{D79BEAED-862D-4CDC-8768-D3F855A51DE3}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DA83907E-BE6C-42D9-ABB1-C695295B9D02}" = protocol=17 | dir=in | app=f:\gry\starcraft ii\starcraft ii.exe |
"{DDC4BB55-8745-4AD7-9C2C-6E4011A77CD8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{DE1C63A7-CEF0-41A4-85CD-AD89BDC108E3}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{E070B88B-FB32-44FD-B5D3-7280756A3E04}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\dota 2 beta\dota.exe |
"{E154B07A-9D3D-4BA1-A504-6A2C8FCC03E9}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{E263989D-4C74-40FE-A46E-EC93A8B61C66}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{E3990B84-4FCF-46C1-A568-0B9B6E4F3949}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alan wake\alanwake.exe |
"{E42871B7-8FF9-4744-A6F1-532988474600}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E5592A6C-ED09-4EE2-8727-1026F12311C5}" = protocol=6 | dir=in | app=c:\users\traveler\appdata\roaming\spotify\spotify.exe |
"{E578E8C8-2D40-487D-A96D-7C2836D99ADA}" = protocol=17 | dir=in | app=e:\gry\battlefield 3\battlefield 3\bf3.exe |
"{E5D3E943-54C3-4225-B41B-340DB67B8491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E6D7C1F3-594C-46DE-8A2E-55E5F896B3D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{E6F8A5F2-6E62-4AD4-8721-BAD167DD9A1E}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\torchlight\torchlight.exe |
"{E81605F0-AF0C-4EBD-B693-AB0D0CA2F9D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9A07AE9-1010-41C1-BC4B-9CE83E3EA1E6}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{EABA3E1F-E98F-4A3D-AB11-38DC541BD17A}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{EB333181-2E86-4F56-9999-E9B56AED4C4A}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{EBD74185-0148-44BD-8A65-31A568128066}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{EC21E22E-1018-41C0-8545-55DB968B53A4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{F2021DD0-46DD-45AF-A6D9-D559F74C8AD0}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{F33159C8-72DB-467E-951D-26EE452EEBD4}" = protocol=6 | dir=in | app=h:\gry\steam\steamapps\common\counter-strike source\hl2.exe |
"{F6798E72-84FD-4FE1-98BC-AB2DCD337405}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{F823A681-6B40-4B77-B308-E59FA69CED55}" = protocol=6 | dir=in | app=e:\gry\league of legends\league of legends\lol.launcher.exe |
"{F9144852-06BF-4FF6-883C-57F0C06D8CCA}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{FA71D507-A5E0-4DAA-B987-C0C1D91C04EB}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{FBB691E6-3E57-4EE3-A4CE-69121AE0F847}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{FC5B2101-4F52-4F85-8236-BE2DEFD858F3}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\team fortress 2\hl2.exe |
"{FC7AA6F7-FC33-4891-9B5F-8E0C0014F885}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\the binding of isaac\isaac.exe |
"{FCCB46B5-4BEB-45D4-A524-EF69CCC9E25D}" = protocol=17 | dir=in | app=h:\gry\steam\steamapps\common\torchlight ii\modlauncher.exe |
"TCP Query User{07D0F8DD-F922-44B4-A99B-F8D0C869F8C0}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"TCP Query User{1E2AAFCE-EF1D-4EF9-B062-10175E8EE5A9}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"TCP Query User{1E31D260-66BE-4738-BDB1-A895F4BD98AD}E:\gry\duel of champions\mmdoc-pdclive\gamedata\game.exe" = protocol=6 | dir=in | app=e:\gry\duel of champions\mmdoc-pdclive\gamedata\game.exe |
"TCP Query User{4A9B6374-6C7B-4EED-8CC3-8647385E97D9}C:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\guild wars 2\gw2.exe |
"TCP Query User{764CCB57-4EBD-4CD5-A929-9E37436C95E9}C:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\guild wars 2\gw2.exe |
"TCP Query User{7AF90C53-B114-4E24-BF72-7C23DFEE6932}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{B717A842-7FA0-4189-ACDA-A2685F39AF11}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"TCP Query User{D3454512-D57F-4E62-AD71-0F6E568E6F89}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe |
"TCP Query User{EA348729-3C08-4EBB-B104-B1EAB2CDEC26}E:\gry\duel of champions\mmdoc-pdclive\launcher.exe" = protocol=6 | dir=in | app=e:\gry\duel of champions\mmdoc-pdclive\launcher.exe |
"TCP Query User{F0D54B0F-2BF0-4427-BFED-DEAD2BB5CE63}C:\program files (x86)\bitcoin\daemon\bitcoind.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\daemon\bitcoind.exe |
"UDP Query User{4D846A6F-A1AF-427A-9682-252B573D344A}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"UDP Query User{780BCEA4-70F2-4C30-ADC5-0E531C9EC631}E:\gry\duel of champions\mmdoc-pdclive\launcher.exe" = protocol=17 | dir=in | app=e:\gry\duel of champions\mmdoc-pdclive\launcher.exe |
"UDP Query User{7B7E2652-A2DD-4119-A8D5-70508384DDA6}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe |
"UDP Query User{81955BC1-4AE4-4765-8BCB-815FB7488B02}C:\program files (x86)\bitcoin\daemon\bitcoind.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\daemon\bitcoind.exe |
"UDP Query User{C00109D3-3385-47DE-BD72-1A4BEBD8228D}E:\gry\duel of champions\mmdoc-pdclive\gamedata\game.exe" = protocol=17 | dir=in | app=e:\gry\duel of champions\mmdoc-pdclive\gamedata\game.exe |
"UDP Query User{D3869507-86DD-4001-8CCB-2B59DD62102F}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{DAD3E790-965D-407D-AF9C-8CB45D0840FE}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"UDP Query User{F8B7E6DD-79A9-4FF2-8B11-FB866A8E3ECF}C:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\guild wars 2\gw2.exe |
"UDP Query User{FF16EA8C-CC70-4CFE-BDDB-F6762434C190}C:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\guild wars 2\gw2.exe |
"UDP Query User{FF4CC8A5-7DE5-45E7-96B3-ABFFBAE258C1}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009751C6-22D7-4548-A313-AD48FA57076F}" = Autodesk Inventor Server Engine for 3ds Max 2014 64-bit
"{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1" = XBCD Uninstaller
"{0BB716E0-1400-0610-0000-097DC2F354DF}" = Autodesk Revit Interoperability for 3ds Max 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{45F1F774-38B4-3CC3-BAAF-051E6D19E48E}" = Microsoft .NET Framework 4.5.1 (PLK)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D2F05BB-228E-4081-B94C-50AD015EE462}" = Magic Bullet Suite 64-bit
"{52B37EC7-D836-0409-0064-3C24BCED2010}" = Autodesk 3ds Max 2014
"{5AAB972C-FF31-4B01-8445-50C42860EC02}" = Autodesk Composite 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7491836B-659E-47DD-ABBF-F875AD48FD10}" = Autodesk 3ds Max 2014 64-bit Populate Data
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}" = Autodesk DirectConnect 2014 64-bit
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0415-1000-0000000FF1CE}" = Microsoft Access MUI (Polish) 2013
"{90150000-0016-0415-1000-0000000FF1CE}" = Microsoft Excel MUI (Polish) 2013
"{90150000-0018-0415-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Polish) 2013
"{90150000-0019-0415-1000-0000000FF1CE}" = Microsoft Publisher MUI (Polish) 2013
"{90150000-001A-0415-1000-0000000FF1CE}" = Microsoft Outlook MUI (Polish) 2013
"{90150000-001B-0415-1000-0000000FF1CE}" = Microsoft Word MUI (Polish) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-0415-1000-0000000FF1CE}" = Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
"{90150000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2013
"{90150000-0044-0415-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Polish) 2013
"{90150000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2013
"{90150000-0090-0415-1000-0000000FF1CE}" = Microsoft DCF MUI (Polish) 2013
"{90150000-00A1-0415-1000-0000000FF1CE}" = Microsoft OneNote MUI (Polish) 2013
"{90150000-00BA-0415-1000-0000000FF1CE}" = Microsoft Groove MUI (Polish) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2013
"{90150000-00E1-0415-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Polish) 2013
"{90150000-00E2-0415-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Polish) 2013
"{90150000-012B-0415-1000-0000000FF1CE}" = Microsoft Lync MUI (Polish) 2013
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{B192EDAC-25C7-408D-99A0-A23455F50E27}" = AMD APP SDK 2.9
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{CC36410B-5EAB-C255-FF28-E066F479DA89}" = AMD Wireless Display v3.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DC65DFD8-E175-4A85-948A-42965853B2E8}" = Oracle VM VirtualBox 4.3.6
"{E8814D63-BB76-4C89-A25E-264ECF11D00D}" = Autodesk Essential Skills Movies for 3ds Max 2014 64-bit
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{F9BE7B54-D322-43D6-83DD-CD132E4B8EEE}" = Autodesk Mudbox 2014
"{FB562550-BBE6-4298-861A-5C0A6562C272}_is1" = Revo Uninstaller Pro 2.1.1
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"0630-0716-3135-7887" = JDownloader 2
"Autodesk 3ds Max 2014" = Autodesk 3ds Max 2014
"Autodesk Composite 2014" = Autodesk Composite 2014
"Autodesk DirectConnect 2014 64-bit" = Autodesk DirectConnect 2014 64-bit
"Autodesk Mudbox 2014" = Autodesk Mudbox 2014
"Autodesk Revit Interoperability for 3ds Max 2014" = Autodesk Revit Interoperability for 3ds Max 2014
"Blender" = Blender
"C6DCA6D8EFAB374E8F91A705567555FF4DAF025D" = Pakiet sterowników systemu Windows - XBCD Project HID (16/05/2008 1.1.0)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.7.0 (64-bit)
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = Archiwizator WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.117.08260
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D5A19F2-DC0D-43C3-BD43-E501AEF3424D}" = Futuremark SystemInfo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24570B2F-3937-47F0-A16A-E82B480A7699}" = XSplit
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}" = Autodesk Download Manager
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2014
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B12.0308.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1" = PackBit Codec version 1.0.0.1Beta
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}" = Razer BlackWidow Ultimate Firmware Updater
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{80D8170E-5590-4318-A9ED-E24E4C99A18C}_is1" = e-pity 5.0 za rok 2013
"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}" = Autodesk Material Library Medium Resolution Image Library 2014
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A82EF4BC-81CB-4AC6-A3BE-3201BB8F53CF}" = Playfire
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B5BE22C7-420A-5F14-A1B9-4AB3F3DE0A3E}" = Catalyst Control Center InstallProxy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{c6072f71-b8f8-4b4a-a616-5e8cd64cd41e}" = Playfire
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}" = PingPlotter Standard 3.40.2s
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1" = Open Broadcaster Software version 0.461a
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Obsługa programów Apple
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.19.0
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad Muncher" = Ad Muncher v4.91 Build 32562
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Battle.net" = Battle.net
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"DMC Devi May Cry (c) Capcom_is1" = DMC Devi May Cry (c) Capcom version 1
"Driver Cleaner" = Driver Cleaner 3
"DVDFab 8 Qt_is1" = DVDFab 8.2.0.8 (29/08/2012) Qt
"Dxtory2.0_is1" = Dxtory version 2.0.114
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter5.2.0603" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HD Tune_is1" = HD Tune 2.55
"Hearthstone" = Hearthstone
"HWiNFO32_is1" = HWiNFO32 Version 4.18
"InstallShield_{4D2F05BB-228E-4081-B94C-50AD015EE462}" = Magic Bullet Suite 64-bit
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"IVONA 2" = IVONA 2
"IVONA Reader" = IVONA Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0
"Livestreamer" = Livestreamer 1.6.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.0504
"MMDoC-PDCLive" = Duel of Champions
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 27.0.1 (x86 pl)" = Mozilla Firefox 27.0.1 (x86 pl)
"Mozilla Thunderbird 24.3.0 (x86 pl)" = Mozilla Thunderbird 24.3.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NapiProjekt_is1" = NapiProjekt (2.0.0.2151)
"NetCut_is1" = NetCut 2.1.4
"Notepad++" = Notepad++
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1_rc19
"Origin" = Origin
"PowerMenu" = PowerMenu 1.51
"Rainmeter" = Rainmeter
"Raptr" = Raptr
"Razer Game Booster_is1" = Razer Game Booster
"StarCraft II" = StarCraft II
"Steam App 108710" = Alan Wake
"Steam App 15540" = 1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)
"Steam App 202352" = Steam Trading Card Beta Access
"Steam App 210770" = Sanctum 2
"Steam App 211400" = Deadlight
"Steam App 220" = Half-Life 2
"Steam App 220460" = Cargo Commander
"Steam App 238960" = Path of Exile
"Steam App 239350" = Spelunky
"Steam App 244870" = Electronic Super Joy
"Steam App 256410" = Might & Magic: Duel of Champions
"Steam App 35720" = Trine 2
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 730" = Counter-Strike: Global Offensive
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light (c) Deep Silver version 1
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"XfireCodec" = Xfire Codec (remove only)
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-2294864315-1545841318-3897952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"GG" = GG
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"XBMC" = XBMC
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2014-03-05 12:10:05 | Computer Name = BlodyTraveler | Source = IVONA 2 Voice | ID = 4616
Description = IVONA 2 Voice Jacek22: nieprawidłowy argument: Invalid argument.
Error - 2014-03-05 12:10:05 | Computer Name = BlodyTraveler | Source = IVONA 2 Voice | ID = 4616
Description = IVONA 2 Voice Jacek22: nieprawidłowy argument: Invalid argument.
Error - 2014-03-05 12:10:05 | Computer Name = BlodyTraveler | Source = IVONA 2 Voice | ID = 4616
Description = IVONA 2 Voice Jacek22: nieprawidłowy argument: Invalid argument.
Error - 2014-03-05 12:10:05 | Computer Name = BlodyTraveler | Source = IVONA 2 Voice | ID = 4616
Description = IVONA 2 Voice Jacek22: nieprawidłowy argument: Invalid argument.
Error - 2014-03-06 15:40:44 | Computer Name = BlodyTraveler | Source = VSS | ID = 8194
Description =
Error - 2014-03-06 16:47:34 | Computer Name = BlodyTraveler | Source = VSS | ID = 8194
Description =
Error - 2014-03-06 16:48:46 | Computer Name = BlodyTraveler | Source = VSS | ID = 8194
Description =
Error - 2014-03-06 17:03:59 | Computer Name = BlodyTraveler | Source = VSS | ID = 18
Description =
Error - 2014-03-06 17:03:59 | Computer Name = BlodyTraveler | Source = VSS | ID = 8193
Description =
Error - 2014-03-06 17:03:59 | Computer Name = BlodyTraveler | Source = System Restore | ID = 8193
Description =
[ NetLimiter 3 Events ]
Error - 2012-12-02 14:22:07 | Computer Name = BlodyTraveler | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 2012-12-02 14:22:07 | Computer Name = BlodyTraveler | Source = NetLimiter 3 Service | ID = 1000
Description = <nl-error-list> <nl-error> <err-code>0</err-code> <hresult code='80070002'>Nie
można odnaleźć określonego pliku.</hresult> <module>NetLimiter.Main.123</module>
<param
name='last-error' value='2'/> <param name='fun-name' value='OpenDevice'/> </nl-error>
</nl-error-list>
Error - 2012-12-02 14:22:07 | Computer Name = BlodyTraveler | Source = NetLimiter 3 Service | ID = 1000
Description = <nl-error-list> <nl-error> <err-code>2010</err-code> <module>NetLimiter.Main.77</module>
<desc>Failed
to initialize NetLimiter service.</desc> </nl-error> <nl-error> <err-code>0</err-code>
<hresult
code='80070002'>Nie można odnaleźć określonego pliku.</hresult> <module>NetLimiter.Main.123</module>
<param
name='last-error' value='2'/> <param name='fun-name' value='OpenDevice'/> </nl-error>
</nl-error-list>
Error - 2012-12-02 14:22:07 | Computer Name = BlodyTraveler | Source = NetLimiter 3 Service | ID = 1000
Description = The service failed to start
Error - 2012-12-02 14:23:17 | Computer Name = BlodyTraveler | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
[ System Events ]
Error - 2014-03-06 17:08:08 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:08 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:08:09 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7001
Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji
w sieci, której nie można uruchomić z powodu następującego błędu: %%1068
Error - 2014-03-06 17:09:26 | Computer Name = BlodyTraveler | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\Drivers\Aspi32.SYS zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.
Error - 2014-03-06 17:09:26 | Computer Name = BlodyTraveler | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aspi32 z powodu następującego błędu: %%1275
< End of report >
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Traveler at 22:28:35 on 2014-03-06
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.8183.5656 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\netcut\services\AIPS.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Autodesk 3DS Max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Xfire2\Xfire.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CoreTemp64\Core Temp.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
G:\Instalki\Kaspersky Internet Security\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IVONA Reader: {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: IVONA Reader: {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [uTorrent] "C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
StartupFolder: C:\Users\Traveler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire2\Xfire.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_exclude
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_report
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} - hxxps://dokumax.max-boegl.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2F7064A7-26C8-4F79-8950-B1A240BCFA44} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{D395B88C-BE42-4389-B68D-0FB8DAD83354} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: IVONA Reader: {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: IVONA Reader: {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Traveler\AppData\Roaming\Mozilla\Firefox\Profiles\y2azreaz.default-1394138328678\
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://go.speedbit.com/search.aspx?s=E21b&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Traveler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-9-12 22128]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2013-5-31 31136]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-11 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]
R2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2013-12-19 262144]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-4 13592]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;D:\Autodesk 3DS Max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-15 86016]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-8-24 27136]
R2 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2014-3-2 2541688]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-8-24 66728]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-11 29280]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-29 646248]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
R3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2014-3-2 41368]
R3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-9-28 17160]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-11 214512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-6 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-6 857912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bulkadi;Razer Megalodon DFU;C:\Windows\System32\drivers\bulkrazer_x64.sys [2011-2-9 25088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-9 102368]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-1-3 1471352]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-19 37344]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-10-4 520416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-6 25816]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-11-12 178776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-8-24 30776]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-8-24 57960]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2012-8-24 32360]
S3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2012-9-20 180544]
S3 SaiK0CD7;SaiK0CD7;C:\Windows\System32\drivers\SaiK0CD7.sys [2012-9-20 180544]
S3 SaiK1708;SaiK1708;C:\Windows\System32\drivers\SaiK1708.sys [2012-9-20 180544]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2012-9-20 47168]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-9 203104]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-8-24 57960]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-12-18 113936]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2013-5-29 32360]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-6-27 14544]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-12-1 115296]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -l -o "%1" -x [default=ConvInIVONAReader - 'Open' doesn't exist]
ShellExec: SC2Editor.exe: open="F:/Gry/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="F:/Gry/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-06 21:08:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-06 21:03:38 5187080 ------r- C:\ComboFix.exe
2014-03-06 20:54:46 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-06 20:54:10 92376 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-06 20:54:10 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-06 20:54:10 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-06 20:54:09 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-06 20:54:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-06 20:29:32 -------- d-----w- C:\AdwCleaner
2014-03-06 20:21:04 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-06 20:20:38 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-05 16:16:40 -------- d-----w- C:\Users\Traveler\AppData\Local\Adobe
2014-03-04 19:29:37 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3AF68723-5ED0-47B9-8D5F-B3962F6542EE}\mpengine.dll
2014-03-04 19:29:28 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-04 19:29:28 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-04 16:47:30 -------- d-----w- C:\Users\Traveler\AppData\Local\GHISLER
2014-03-04 16:27:33 98816 ----a-w- C:\Windows\sed.exe
2014-03-04 16:27:33 256000 ----a-w- C:\Windows\PEV.exe
2014-03-04 16:27:33 208896 ----a-w- C:\Windows\MBR.exe
2014-03-04 16:18:36 388096 ----a-r- C:\Users\Traveler\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-23 16:17:35 -------- d-----w- C:\Users\Traveler\AppData\Roaming\com.efile.epity2013
2014-02-23 16:17:30 -------- d-----w- C:\Users\Traveler\AppData\Roaming\fillUp
2014-02-23 16:17:30 -------- d-----w- C:\Program Files (x86)\e-file
2014-02-14 19:38:09 -------- d-----w- C:\Users\Traveler\AppData\Local\Apple Computer
2014-02-12 18:20:04 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 18:20:04 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 18:18:25 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2014-02-11 20:06:25 -------- d-----w- C:\Users\Traveler\AppData\Local\LooksBuilder
2014-02-11 20:04:04 -------- d-----w- C:\Users\Traveler\AppData\Roaming\Red Giant Link
2014-02-11 20:03:49 -------- d-----w- C:\Program Files (x86)\LooksBuilder
2014-02-11 20:03:48 -------- d-----w- C:\Program Files (x86)\Red Giant Link
2014-02-11 20:02:22 -------- d-----w- C:\ProgramData\RedGiant
2014-02-10 20:14:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-02-10 20:14:04 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-02-10 20:13:59 -------- d-----w- C:\Windows\PCHEALTH
2014-02-10 20:13:59 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-02-10 20:13:30 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-02-10 20:13:30 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
.
==================== Find3M ====================
.
2014-02-21 16:59:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 16:59:00 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-18 20:04:30 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-02-18 20:04:29 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-02-16 16:54:59 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-02-16 16:54:59 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-02-16 16:47:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-27 08:58:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-14 01:53:50 88576 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53:44 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 07:43:49 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 16:19:54 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-18 16:16:44 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 16:16:44 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 16:16:44 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-18 16:16:44 113936 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2013-12-18 16:13:30 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-25 05:09:36 44 ---h--w- C:\Program Files (x86)\f6435f27.tmp
.
============= FINISH: 22:28:42,22 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-08-23 22:28:35
System Uptime: 2014-03-06 22:09:13 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55-UD3
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | Socket 1156 | 3486/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 27,991 GiB free.
D: is FIXED (NTFS) - 150 GiB total, 111,401 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 70,273 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 117,669 GiB free.
G: is FIXED (NTFS) - 391 GiB total, 92,127 GiB free.
H: is FIXED (NTFS) - 195 GiB total, 23,079 GiB free.
I: is FIXED (NTFS) - 195 GiB total, 113,052 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP592: 2014-03-04 20:29:29 - Windows Update
RP594: 2014-03-06 20:40:44 - Revo Uninstaller Pro's restore point - Akamai NetSession Interface
RP595: 2014-03-06 21:20:51 - Installed SpyHunter
RP597: 2014-03-06 21:47:34 - Revo Uninstaller Pro's restore point - SpyHunter
RP598: 2014-03-06 21:47:51 - Removed SpyHunter
RP600: 2014-03-06 21:48:46 - Revo Uninstaller Pro's restore point - PowerISO
.
==== Installed Programs ======================
.
@BIOS
1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)
Ad Muncher v4.91 Build 32562
Adobe Acrobat XI Pro
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 12 Plugin
Adobe Help Manager
Alan Wake
AMD Accelerated Video Transcoding
AMD APP SDK 2.9
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Apple Software Update
Archiwizator WinRAR
Assassin's Creed (R) III
µTorrent
Autodesk 3ds Max 2014
Autodesk 3ds Max 2014 64-bit Populate Data
Autodesk Backburner 2014
Autodesk Composite 2014
Autodesk DirectConnect 2014 64-bit
Autodesk Download Manager
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk Material Library Medium Resolution Image Library 2014
Autodesk Mudbox 2014
Autodesk Revit Interoperability for 3ds Max 2014
Battle.net
Battlefield 3™
BIT.TRIP RUNNER
Bitcoin
Blender
Borderlands 2
Cargo Commander
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Global Offensive
CWK (Czasowy Wyłącznik Komputera)
Deadlight
Diablo III
DivX Setup
DMC Devi May Cry (c) Capcom version 1
Driver Cleaner 3
Duel of Champions
DVDFab 8.2.0.8 (29/08/2012) Qt
Dxtory version 2.0.114
e-pity 5.0 za rok 2013
Electronic Super Joy
ESN Sonar
EVEREST Ultimate Edition v5.30
FLV to AVI MPEG WMV 3GP MP4 iPod Converter
Fraps (remove only)
Futuremark SystemInfo
GG
GIMP 2.8.4
Google Chrome
Google Update Helper
GPU Caps Viewer 1.19.0
Guild Wars 2
Half-Life 2
HD Tune 2.55
Hearthstone
High-Definition Video Playback 10
HiJackThis
HWiNFO32 Version 4.18
Intel(R) Control Center
Intel(R) Rapid Storage Technology
IVONA 2
IVONA Reader
Java 7 Update 51
Java Auto Updater
JDownloader 2
K-Lite Codec Pack 9.7.0 (64-bit)
K-Lite Mega Codec Pack 9.7.0
Kaspersky Internet Security
Lagarith Lossless Codec (1.3.27)
League of Legends
Livestreamer 1.6.1
Logitech Gaming Software
Logitech Gaming Software 8.46
Magic Bullet Suite 64-bit
Malwarebytes Anti-Malware version 2.00.0.0504
Media Go
Media Go Video Playback Engine 1.96.117.08260
Metro: Last Light (c) Deep Silver version 1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (PLK)
Microsoft .NET Framework 4.5.1 (Polski)
Microsoft Access MUI (Polish) 2013
Microsoft DCF MUI (Polish) 2013
Microsoft Excel MUI (Polish) 2013
Microsoft Groove MUI (Polish) 2013
Microsoft InfoPath MUI (Polish) 2013
Microsoft Lync MUI (Polish) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office Korrekturhilfen 2013 - Deutsch
Microsoft Office OSM MUI (Polish) 2013
Microsoft Office OSM UX MUI (Polish) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (Polish) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Shared 32-bit MUI (Polish) 2013
Microsoft Office Shared MUI (Polish) 2013
Microsoft OneNote MUI (Polish) 2013
Microsoft Outlook MUI (Polish) 2013
Microsoft PowerPoint MUI (Polish) 2013
Microsoft Primary Interoperability Assemblies 2005
Microsoft Publisher MUI (Polish) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (Polish) 2013
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Might & Magic: Duel of Champions
MozBackup 1.4.10
Mozilla Firefox 27.0.1 (x86 pl)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 pl)
MSI Afterburner 2.3.1
MSVCRT Redists
NapiProjekt (2.0.0.2151)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero DiscSpeed 10
Nero Dolby Files 10
Nero Multimedia Suite 10
NetCut 2.1.4
NetLimiter 3
Notepad++
NVIDIA PhysX
Obsługa programów Apple
ON_OFF Charge B12.0308.1
Open Broadcaster Software
Open Broadcaster Software version 0.461a
OpenAL
OpenVPN 2.1_rc19
Oracle VM VirtualBox 4.3.6
Origin
PackBit Codec version 1.0.0.1Beta
Pakiet sterowników systemu Windows - XBCD Project HID (16/05/2008 1.1.0)
Path of Exile
PDF Settings CS6
PingPlotter Standard 3.40.2s
Playfire
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerMenu 1.51
QuickTime
Rainmeter
Raptr
Razer BlackWidow Ultimate Firmware Updater
Razer Game Booster
Razer Megalodon Firmware Updater
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.1.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sanctum 2
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.3
Smart Technology Programming Software 7.0.27.13
Sp5
Sp5Intl
Sp5TTInt
SpCommon
Spelunky
Spotify
SpPhones
StarCraft II
Steam
Steam Trading Card Beta Access
swMSM
System Requirements Lab for Intel
Team Fortress 2
TeamSpeak 3 Client
TechPowerUp GPU-Z
Total Commander 64-bit (Remove or Repair)
Trine 2
UE3Redist
Unigine Heaven DX11 Benchmark 2.5 version 2.5
Unigine Valley Benchmark version 1.0
Unity Web Player
Uplay
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 12.0 (64-bit)
Virtual Audio Cable 4.10
VLC media player 2.0.6
Winamp
WinPcap 4.1.2
Wtyczka e-Deklaracje
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
XBCD Uninstaller
XBMC
Xfire 2.0
Xfire Codec (remove only)
XSplit
.
==== End Of File ===========================
GMER
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-06 22:42:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 OCZ-VERTEX4 rev.1.5 119,24GB
Running: x1fb96yu.exe; Driver: C:\Users\Traveler\AppData\Local\Temp\agdyaaoc.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004a28d8c 12 bytes {MOV RAX, 0xfffffa8007e1d2a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073041a22 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073041ad0 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073041b08 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073041bba 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073041bda 2 bytes [04, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[2536] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Windows\system32\Dwm.exe[2536] C:\Windows\system32\ws2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Windows\system32\Dwm.exe[2536] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Windows\system32\Dwm.exe[2536] C:\Windows\system32\ws2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Windows\Explorer.EXE[2608] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Windows\Explorer.EXE[2608] C:\Windows\system32\WS2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Windows\Explorer.EXE[2608] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Windows\Explorer.EXE[2608] C:\Windows\system32\WS2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ws2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ws2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Program Files\SmartTechnology\Software\SaiMfd.exe[2912] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Program Files\SmartTechnology\Software\SaiMfd.exe[2912] C:\Windows\system32\ws2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Program Files\SmartTechnology\Software\SaiMfd.exe[2912] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Program Files\SmartTechnology\Software\SaiMfd.exe[2912] C:\Windows\system32\ws2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Program Files\Logitech Gaming Software\LCore.exe[2920] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Program Files\Logitech Gaming Software\LCore.exe[2920] C:\Windows\system32\WS2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Program Files\Logitech Gaming Software\LCore.exe[2920] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Program Files\Logitech Gaming Software\LCore.exe[2920] C:\Windows\system32\WS2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2932] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2932] C:\Windows\system32\WS2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2932] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Program Files\NetLimiter 3\NLClientApp.exe[2932] C:\Windows\system32\WS2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\WS2_32.dll!getsockname 00000000769930af 5 bytes JMP 000000010257008d
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\WS2_32.dll!connect 0000000076996bdd 5 bytes JMP 000000010257002d
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\WS2_32.dll!getpeername 0000000076997147 5 bytes JMP 00000001025700bd
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007699cc3f 5 bytes JMP 000000010257005d
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\syswow64\WS2_32.dll!getsockname 00000000769930af 5 bytes JMP 000000010058008d
.text C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\syswow64\WS2_32.dll!connect 0000000076996bdd 5 bytes JMP 000000010058002d
.text C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\syswow64\WS2_32.dll!getpeername 0000000076997147 5 bytes JMP 00000001005800bd
.text C:\Users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007699cc3f 5 bytes JMP 000000010058005d
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\ws2_32.dll!getsockname 00000000769930af 5 bytes JMP 0000000100be008d
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\ws2_32.dll!connect 0000000076996bdd 5 bytes JMP 0000000100be002d
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\ws2_32.dll!getpeername 0000000076997147 5 bytes JMP 0000000100be00bd
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\ws2_32.dll!WSAConnect 000000007699cc3f 5 bytes JMP 0000000100be005d
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3124] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!DispatchMessageW 0000000076ea787b 5 bytes JMP 00000001643202f0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000076ea7bbb 5 bytes JMP 00000001643202c0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ea8a29 5 bytes JMP 0000000164320c70
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000076ea8e4e 5 bytes JMP 0000000164320450
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000076ea9a55 5 bytes JMP 0000000164320420
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076ead22e 5 bytes JMP 0000000164320b40
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076eb05ba 5 bytes JMP 0000000164320610
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076eb0dfb 5 bytes JMP 0000000164320320
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076eb1341 5 bytes JMP 00000001643206f0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076eb1361 5 bytes JMP 0000000164320690
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 0000000076eb28da 5 bytes JMP 0000000164320ac0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076eb41f6 5 bytes JMP 000000016431fe00
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076eb5f74 5 bytes JMP 00000001643205b0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000076eb7b3b 5 bytes JMP 0000000164320670
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!AnimateWindow 0000000076ebb531 5 bytes JMP 00000001643204c0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 0000000076ebba4a 5 bytes JMP 00000001643209f0
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000076eced12 5 bytes JMP 000000016431fe20
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076eced56 5 bytes JMP 0000000164320590
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000076ecf170 5 bytes JMP 0000000164320550
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000760e5ea6 5 bytes JMP 000000016431fe50
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\WS2_32.dll!getsockname 00000000769930af 5 bytes JMP 000000010350008d
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\WS2_32.dll!connect 0000000076996bdd 5 bytes JMP 000000010350002d
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\WS2_32.dll!getpeername 0000000076997147 5 bytes JMP 00000001035000bd
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007699cc3f 5 bytes JMP 000000010350005d
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\PROGRA~2\Raptr\raptr.exe[3140] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[3644] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Windows\system32\taskhost.exe[3644] C:\Windows\system32\ws2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Windows\system32\taskhost.exe[3644] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Windows\system32\taskhost.exe[3644] C:\Windows\system32\ws2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\WS2_32.dll!getsockname 00000000769930af 5 bytes JMP 00000001004b008d
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\WS2_32.dll!connect 0000000076996bdd 5 bytes JMP 00000001004b002d
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\WS2_32.dll!getpeername 0000000076997147 5 bytes JMP 00000001004b00bd
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007699cc3f 5 bytes JMP 00000001004b005d
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
.text C:\PROGRA~2\Raptr\raptr_im.exe[4488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[4484] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefdce45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text C:\Windows\system32\taskeng.exe[4484] C:\Windows\system32\ws2_32.dll!getsockname 000007fefdce9480 6 bytes {JMP QWORD [RIP-0x7fed941e]}
.text C:\Windows\system32\taskeng.exe[4484] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefdd0e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text C:\Windows\system32\taskeng.exe[4484] C:\Windows\system32\ws2_32.dll!getpeername 000007fefdd0e450 6 bytes {JMP QWORD [RIP-0x7fefe3be]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077221390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007722143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007722158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007722191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077221b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077221bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077221d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077221eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077221edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077221f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077221fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077221fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077222272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077222301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077222792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007722282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077222890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077222d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077222d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077223023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007722323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077223a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077223ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077223b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077223d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077224190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077271380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077271500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077271530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077271650 8 bytes JMP a23f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077271700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077271d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077271f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772727e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d5146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074d516e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074d51a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074d51a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[7048] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074d51a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772211f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077221390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007722143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007722158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007722191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077221b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077221bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077221d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077221eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077221edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077221f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077221fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077221fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077222272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077222301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077222792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772227d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007722282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077222890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077222d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077222d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077223023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007722323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772233c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077223a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077223ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077223b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077223d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077224190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077271380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077271500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077271530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077271650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077271700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077271d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077271f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d5146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074d516e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074d51a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074d51a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074d51a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772211f5 8 bytes {JMP 0xd}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077221390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007722143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007722158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007722191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077221b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077221bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077221d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077221eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077221edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077221f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077221fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077221fd7 8 bytes {JMP 0xb}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077222272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077222301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077222792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772227b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772227d2 8 bytes {JMP 0x10}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007722282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077222890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077222d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077222d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077223023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007722323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772233c0 16 bytes {JMP 0x4e}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077223a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077223ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077223b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077223d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077224190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077271380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077271500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077271530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077271650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077271700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077271d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077271f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772727e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074d513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074d5146b 8 bytes {JMP 0xffffffffffffffb0}
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074d516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074d516e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074d519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074d519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074d51a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074d51a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074d51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text G:\Instalki\Kaspersky Internet Security\x1fb96yu.exe[5016] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074d51a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001101c58] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff88001101be4] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010cad50] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010caadc] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010cb4e0] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010ca28c] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010cb734] \SystemRoot\System32\Drivers\spos.sys [unknown section]
IAT C:\Windows\system32\drivers\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] [fffffa80066f27e0] [unknown section]
IAT C:\Windows\system32\drivers\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc] [fffffa8007e1d7e0] [unknown section]
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800490bfec] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Devices - GMER 2.1 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort4 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort5 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-6 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80074822c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80074822c0
Device \FileSystem\Ntfs \Ntfs fffffa80074882c0
Device \Driver\usbuhci \Device\USBFDO-7 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBPDO-5 fffffa8007e1f2c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa8007eab2c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa8007e1f2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8007ac22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{812BC77A-99EA-4CC7-9214-33660597BEC6} fffffa8007bc02c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F7064A7-26C8-4F79-8950-B1A240BCFA44} fffffa8007bc02c0
Device \Driver\usbehci \Device\USBFDO-8 fffffa8007eab2c0
Device \Driver\usbuhci \Device\USBPDO-6 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBFDO-4 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBPDO-7 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBFDO-5 fffffa8007e1f2c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa8007eab2c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa8007e1f2c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80066f62c0
Device \Driver\volmgr \Device\FtControl fffffa80066f62c0
Device \Driver\volmgr \Device\VolMgrControl fffffa80066f62c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80066f62c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80066f62c0
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa80066f62c0
Device \Driver\volmgr \Device\HarddiskVolume5 fffffa80066f62c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{D395B88C-BE42-4389-B68D-0FB8DAD83354} fffffa8007bc02c0
Device \Driver\volmgr \Device\HarddiskVolume6 fffffa80066f62c0
Device \Driver\volmgr \Device\HarddiskVolume7 fffffa80066f62c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007bc02c0
Device \Driver\volmgr \Device\HarddiskVolume8 fffffa80066f62c0
Device \Driver\usbehci \Device\USBPDO-8 fffffa8007eab2c0
Device \Driver\usbuhci \Device\USBFDO-6 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBPDO-4 fffffa8007e1f2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80074822c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa8007e1f2c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa8007e1f2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80074822c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80074822c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80074822c0
Device \Driver\atapi \Device\ScsiPort4 fffffa80074822c0
Device \Driver\atapi \Device\ScsiPort5 fffffa80074822c0
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80074822c0]<< spos.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80074822c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007880790] fffffa8007880790
Trace 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> [0xfffffa8007632580] fffffa8007632580
Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800765b060] fffffa800765b060
Trace \Driver\atapi[0xfffffa80075aa2e0] -> IRP_MJ_CREATE -> 0xfffffa80074822c0 fffffa80074822c0
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2096:6352] 000007feefcb9688
Thread C:\Windows\SysWOW64\ntdll.dll [2076:2092] 0000000000b10440
Thread C:\Windows\SysWOW64\ntdll.dll [2076:4428] 0000000072f362ee
Thread C:\Windows\SysWOW64\ntdll.dll [2076:5624] 0000000000986a20
Thread C:\Windows\SysWOW64\ntdll.dll [2076:5632] 0000000000986bb0
Thread C:\Windows\SysWOW64\ntdll.dll [2076:6136] 00000000708ea3e0
Thread C:\Program Files\CoreTemp64\Core Temp.exe [4536:4260] 000007fefa9f2a7c
Thread C:\Program Files\CoreTemp64\Core Temp.exe [4536:5740] 000000005c158e00
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5384:6284] 000007fefa9f2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5384:6324] 000007fee1e84830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5384:6484] 000007fef9945124
---- Processes - GMER 2.1 ----
Library C:\Users\Traveler\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2608] (GG drive menu/GG Network S.A.)(2012-08-24 14:16:37) 000000005ff80000
Process C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe (*** suspicious ***) @ C:\Users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe [2944] (µTorrent/BitTorrent Inc.)(2014-01-26 07:06:15) 0000000000400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
---- EOF - GMER 2.1 ----
ComboFix
ComboFix 14-03-04.01 - Traveler 2014-03-06 22:04:25.2.8 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.8183.7317 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-02-06 do 2014-03-06 )))))))))))))))))))))))))))))))
.
.
2014-03-06 21:06 . 2014-03-06 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-06 20:54 . 2014-03-06 21:01 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-06 20:54 . 2014-02-21 13:55 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-06 20:54 . 2014-02-21 13:55 92376 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-06 20:54 . 2014-02-21 13:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-06 20:54 . 2014-03-06 20:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-06 20:54 . 2014-03-06 20:54 -------- d-----w- c:\programdata\Malwarebytes
2014-03-06 20:29 . 2014-03-06 20:37 -------- d-----w- C:\AdwCleaner
2014-03-06 20:21 . 2014-03-06 20:48 -------- d-----w- c:\program files\Enigma Software Group
2014-03-06 20:20 . 2014-03-06 20:47 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-05 16:16 . 2014-03-06 16:21 -------- d-----w- c:\users\Traveler\AppData\Local\Adobe
2014-03-04 19:29 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AF68723-5ED0-47B9-8D5F-B3962F6542EE}\mpengine.dll
2014-03-04 19:29 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-04 19:29 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-04 16:47 . 2014-03-04 16:47 -------- d-----w- c:\users\Traveler\AppData\Local\GHISLER
2014-03-04 16:18 . 2014-03-04 16:18 388096 ----a-r- c:\users\Traveler\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-23 16:17 . 2014-02-23 16:17 -------- d-----w- c:\users\Traveler\AppData\Roaming\com.efile.epity2013
2014-02-23 16:17 . 2014-02-23 16:17 -------- d-----w- c:\users\Traveler\AppData\Roaming\fillUp
2014-02-23 16:17 . 2014-02-23 16:17 -------- d-----w- c:\program files (x86)\e-file
2014-02-14 19:38 . 2014-02-14 19:38 -------- d-----w- c:\users\Traveler\AppData\Local\Apple Computer
2014-02-12 18:20 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 18:20 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 18:18 . 2013-12-04 02:27 485888 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-11 20:06 . 2014-02-11 20:18 -------- d-----w- c:\users\Traveler\AppData\Local\LooksBuilder
2014-02-11 20:04 . 2014-02-11 20:04 -------- d-----w- c:\users\Traveler\AppData\Roaming\Red Giant Link
2014-02-11 20:03 . 2014-02-11 20:03 -------- d-----w- c:\program files (x86)\LooksBuilder
2014-02-11 20:03 . 2014-02-11 20:03 -------- d-----w- c:\program files (x86)\Red Giant Link
2014-02-11 20:02 . 2014-02-11 20:02 -------- d-----w- c:\programdata\RedGiant
2014-02-10 20:14 . 2014-02-10 20:14 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-02-10 20:14 . 2014-02-10 20:14 -------- d-----w- c:\program files\Microsoft.NET
2014-02-10 20:14 . 2014-02-10 20:14 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-02-10 20:14 . 2014-02-10 20:14 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-02-10 20:13 . 2014-02-10 20:14 -------- d-----w- c:\program files\Microsoft SQL Server
2014-02-10 20:13 . 2014-02-10 20:13 -------- d-----w- c:\windows\PCHEALTH
2014-02-10 20:13 . 2014-02-10 20:13 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-02-10 20:13 . 2014-02-10 20:13 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-02-10 20:13 . 2014-02-10 20:13 -------- d-----w- c:\program files\Microsoft Office
2014-02-10 20:12 . 2014-02-10 20:12 -------- d-----r- C:\MSOCache
2014-02-05 17:22 . 2014-02-05 19:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 16:59 . 2013-07-23 17:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 16:59 . 2013-07-23 17:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-18 20:04 . 2013-12-01 09:39 624224 ----a-w- c:\windows\system32\drivers\klif.sys
2014-02-18 20:04 . 2013-10-11 12:25 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-02-18 20:04 . 2013-12-01 09:39 115296 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-02-16 16:54 . 2013-08-07 17:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-02-16 16:54 . 2012-08-24 15:54 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-02-16 16:47 . 2013-08-07 17:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-02-12 18:24 . 2012-08-24 17:29 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-27 08:58 . 2012-08-24 13:38 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-14 01:53 . 2014-01-14 01:53 88576 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53 . 2014-01-14 01:53 296448 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2013-12-19 07:43 . 2013-06-06 16:38 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-12-18 20:09 . 2013-10-17 17:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 16:19 . 2014-01-06 16:47 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-12-18 16:16 . 2014-01-06 16:47 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-12-18 16:16 . 2013-12-18 16:16 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-12-18 16:16 . 2013-12-18 16:16 113936 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2013-12-18 16:16 . 2013-07-04 13:57 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-12-18 16:13 . 2013-12-18 16:13 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2013-10-08 14:01 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-10-08 14:01 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-10-08 14:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2013-10-08 14:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-10-08 14:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-10-08 14:00 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-10-08 14:00 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-10-08 13:17 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-06-25 05:09 . 2013-06-26 17:09 44 ---h--w- c:\program files (x86)\f6435f27.tmp
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 2790400]
"uTorrent"="c:\users\Traveler\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-18 802136]
"Spotify Web Helper"="c:\users\Traveler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-30 1171968]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-02-18 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-11-17 442712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2013-09-15 535752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368]
.
c:\users\Traveler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire2\Xfire.exe [2013-9-28 4881624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
R1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
R1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
R2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe;c:\program files (x86)\netcut\services\AIPS.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;d:\autodesk 3ds max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;d:\autodesk 3ds max\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
R2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Traveler\AppData\Local\Temp\ALSysIO64.sys;c:\users\Traveler\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 bulkadi;Razer Megalodon DFU;c:\windows\system32\DRIVERS\bulkrazer_x64.sys;c:\windows\SYSNATIVE\DRIVERS\bulkrazer_x64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CCB.sys [x]
R3 SaiK0CD7;SaiK0CD7;c:\windows\system32\DRIVERS\SaiK0CD7.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD7.sys [x]
R3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCB.sys [x]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.0);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 14:40 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 16:59]
.
2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 17:12]
.
2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-20 17:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:42 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-18 12489360]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_exclude
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=MO2540G0&id=menu_ie_report
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{D395B88C-BE42-4389-B68D-0FB8DAD83354}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} - hxxps://dokumax.max-boegl.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
FF - ProfilePath - c:\users\Traveler\AppData\Roaming\Mozilla\Firefox\Profiles\y2azreaz.default-1394138328678\
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://go.speedbit.com/search.aspx?s=E21b&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Traveler\AppData\Local\unins000.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,c1,7c,19,19,f4,6c,4a,a1,28,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,c1,7c,19,19,f4,6c,4a,a1,28,5b,\
.
[HKEY_USERS\S-1-5-21-2294864315-1545841318-3897952-1000\Software\SecuROM\License information*]
"datasecu"=hex:5a,4c,5d,1f,c3,95,f8,e8,82,8d,a5,35,92,75,d2,b1,a9,b5,5e,6a,a1,
7f,b8,16,f3,3b,ed,79,45,47,3e,28,73,37,3c,7e,73,3e,1a,61,34,66,27,c0,82,2d,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0c,81,fe,36,67,14,f9,2f,64,4a,c2,c0,24,d6,63,fc,d1,1a,74,01,7f,
62,0b,83,a6,0d,ce,04,aa,6e,1a,db,2c,13,5f,a1,0e,ab,16,a5,1b,9b,b7,8a,3a,ee,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:0c,81,fe,36,67,14,f9,2f,64,4a,c2,c0,24,d6,63,fc,d1,1a,74,01,7f,
62,0b,83,a6,0d,ce,04,aa,6e,1a,db,2c,13,5f,a1,0e,ab,16,a5,1b,9b,b7,8a,3a,ee,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-03-06 22:07:59
ComboFix-quarantined-files.txt 2014-03-06 21:07
ComboFix2.txt 2014-03-04 16:35
.
Przed: 30 197 686 272 bajtów wolnych
Po: 29 909 491 712 bajtów wolnych
.
- - End Of File - - 35ED1CB27A75E840F908EE2387434405
A36C5E4F47E84449FF07ED3517B43A31