Searchnu przy otwieraniu nowej karty

**Posty:** 1495 · przez **Buszinio** 25 Sie 2012, 17:48

Witam, ostatnio musiałem zainstalować jakiś śmieciowy program i od tamtej pory we wszystkich przeglądarkach jakie posiadam przy otwarciu nowej karty wyświetla mi się takie coś jak searchnu.com. Każda próba zmiany strony startowej na inną kończy się blokadą tego robaka... Jak to usunąć?

OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-08-25 17:40:46 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Mateusz\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,57% Memory free 8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 3,30 Gb Free Space | 2,95% Space Free | Partition Type: NTFS Drive E: | 37,27 Gb Total Space | 8,42 Gb Free Space | 22,58% Space Free | Partition Type: NTFS Computer Name: DOMINATOR | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-08-25 16:50:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Downloads\OTL.exe PRC - [2012-08-06 08:45:03 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012-07-14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-04-03 15:24:32 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012-02-15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe PRC - [2011-12-31 14:07:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-08-25 16:04:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011-08-22 09:48:44 | 003,346,032 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe PRC - [2011-04-21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011-04-21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011-02-17 05:38:18 | 000,920,064 | ---- | M] () -- C:\Program Files (x86)\WGA Remover\wgaremover.exe PRC - [2010-10-20 12:22:24 | 000,630,272 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2010-04-12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE PRC - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2010-02-18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009-11-11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009-10-27 11:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-02-05 14:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE PRC - [2007-04-25 13:36:36 | 000,280,064 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe PRC - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2007-02-09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe PRC - [2007-02-09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-14 02:14:07 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-02-29 16:33:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2012-02-15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe MOD - [2011-02-17 05:38:18 | 000,920,064 | ---- | M] () -- C:\Program Files (x86)\WGA Remover\wgaremover.exe MOD - [2010-03-29 14:02:48 | 000,520,234 | ---- | M] () -- C:\ProgramData\Babylon\sqlite3.dll MOD - [2008-08-12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008-07-29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008-07-29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008-07-29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2008-07-29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll MOD - [2008-07-29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2007-04-25 13:34:46 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll MOD - [2007-04-25 13:33:54 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll MOD - [2007-04-24 11:49:34 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\di2c.dll MOD - [2007-02-09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe MOD - [2007-02-09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe MOD - [2007-02-09 13:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-11-10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011-11-09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-07-14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011-12-31 14:07:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-08-25 16:04:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011-04-21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-03-02 11:25:27 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-10-20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010-01-12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-02-05 14:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2007-04-25 13:34:44 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-11-10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2011-11-10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011-11-10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011-08-25 16:04:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2011-08-25 16:04:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2011-07-29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:[b]64bit:[/b] - [2011-07-29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:[b]64bit:[/b] - [2011-06-24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV:[b]64bit:[/b] - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-12-02 12:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2010-12-02 12:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2010-12-02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:[b]64bit:[/b] - [2010-12-02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2010-12-02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:[b]64bit:[/b] - [2010-12-02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2010-12-02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:[b]64bit:[/b] - [2010-04-12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2010-02-26 14:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:[b]64bit:[/b] - [2010-02-18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:[b]64bit:[/b] - [2009-09-23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:[b]64bit:[/b] - [2009-07-14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009-07-14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-06-10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-12-25 11:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:[b]64bit:[/b] - [2008-08-28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2007-07-18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID) DRV:[b]64bit:[/b] - [2007-04-20 08:22:34 | 000,073,440 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CoachUsb.sys -- (CoachUsb) DRV:[b]64bit:[/b] - [2007-04-20 08:22:34 | 000,066,336 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CoachVid.sys -- (CoachVid) DRV:[b]64bit:[/b] - [2006-11-16 18:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pdiports.sys -- (PdiPorts) DRV:[b]64bit:[/b] - [2006-08-29 16:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prodigy.sys -- (PRODIGY) DRV - [2012-08-25 17:13:46 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011-07-29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011-07-29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010-01-29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{848F1555-0090-4524-ACB1-F6850E321048}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f&q={searchTerms} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=iron&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_US IE - HKCU\..\SearchScopes\{848F1555-0090-4524-ACB1-F6850E321048}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{B15F5A73-F27E-4343-9EF3-929C8E06F4F2}: "URL" = http://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mateusz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-08-21 18:35:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-08-21 18:35:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-03 15:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-25 17:06:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-11-19 18:52:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-08-24 21:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions [2012-08-25 16:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\1gwc3g7p.default\extensions [2012-08-24 21:18:12 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\1gwc3g7p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-06-27 14:33:18 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\1gwc3g7p.default\extensions\plugin@yontoo.com [2012-08-25 17:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-07-14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010-02-15 17:35:06 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2012-07-14 03:22:43 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2011-06-30 12:17:59 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012-07-14 03:22:43 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2011-03-19 14:33:13 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012-07-14 03:22:43 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-07-14 03:22:43 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-08-24 21:18:10 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-07-14 03:22:43 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-07-14 03:22:43 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.searchnu.com/406 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.searchnu.com/406 CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggcgfnjklfejfanaekicpiiablpbdfba\3_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingclbkakpbccicdfidmlgmplkiipoll\1.1_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kphehmgholanghcpmibmddekgklalcpm\1.1_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: No name found = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-08-25 16:25:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe () O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WGA Remover] C:\Program Files (x86)\WGA Remover\wgaremover.exe () O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:[b]64bit:[/b] - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8:[b]64bit:[/b] - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mateusz\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mateusz\Desktop\PartyPoker.lnk () O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B070AA7D-7E70-4FC3-B034-869D717E9DF0}: DhcpNameServer = 192.168.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF06718D-CAC3-4384-B64C-8848045460B8}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D02B2CD1-C0D3-4636-B9A3-DB9D201C607B}: DhcpNameServer = 192.168.1.100 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\vsharechrome - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\vsharechrome - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-25 17:11:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-08-25 17:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012-08-25 17:05:41 | 017,552,168 | ---- | C] (Mozilla) -- C:\Users\Mateusz\Desktop\Firefox Setup 14.0.1.exe [2012-08-25 16:26:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-08-24 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\vlc [2012-08-24 21:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012-08-24 21:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012-08-24 21:19:00 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Ilivid Player [2012-08-24 21:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012-08-24 21:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012-08-10 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\.minecraft [2012-07-31 16:00:48 | 006,955,968 | ---- | C] (Microsoft Corporation) -- C:\Users\Mateusz\Desktop\Silverlight.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-25 17:31:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-08-25 17:21:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-25 17:21:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-25 17:18:05 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2247349209-3091610151-10017335-1000UA.job [2012-08-25 17:13:58 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-08-25 17:13:46 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012-08-25 17:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-25 17:06:11 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-08-25 17:05:52 | 017,552,168 | ---- | M] (Mozilla) -- C:\Users\Mateusz\Desktop\Firefox Setup 14.0.1.exe [2012-08-25 16:25:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-08-24 23:03:57 | 000,060,988 | ---- | M] () -- C:\Users\Mateusz\Desktop\Przechwytywanie.JPG [2012-08-24 22:18:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2247349209-3091610151-10017335-1000Core.job [2012-08-24 21:24:16 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012-08-23 16:09:29 | 000,021,839 | ---- | M] () -- C:\Users\Mateusz\Documents\act.odt [2012-08-19 00:54:30 | 000,077,740 | ---- | M] () -- C:\Users\Mateusz\Desktop\skanowanie0004r.jpg [2012-08-18 20:59:55 | 000,081,938 | ---- | M] () -- C:\Windows\SysWow64\minecraft.jar [2012-08-18 20:59:55 | 000,076,419 | ---- | M] () -- C:\Windows\SysWow64\minecraft_modified.jar [2012-08-02 17:19:44 | 001,662,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-08-02 17:19:44 | 000,737,780 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-08-02 17:19:44 | 000,651,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-08-02 17:19:44 | 000,154,468 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-08-02 17:19:44 | 000,120,920 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-07-31 16:00:49 | 006,955,968 | ---- | M] (Microsoft Corporation) -- C:\Users\Mateusz\Desktop\Silverlight.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-25 17:06:11 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012-08-25 17:06:11 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-08-24 23:03:57 | 000,060,988 | ---- | C] () -- C:\Users\Mateusz\Desktop\Przechwytywanie.JPG [2012-08-24 21:24:16 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012-08-23 16:09:28 | 000,021,839 | ---- | C] () -- C:\Users\Mateusz\Documents\act.odt [2012-08-19 00:54:30 | 000,077,740 | ---- | C] () -- C:\Users\Mateusz\Desktop\skanowanie0004r.jpg [2012-08-18 20:59:55 | 000,081,938 | ---- | C] () -- C:\Windows\SysWow64\minecraft.jar [2012-08-18 20:59:55 | 000,076,419 | ---- | C] () -- C:\Windows\SysWow64\minecraft_modified.jar [2012-06-27 14:01:20 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe [2012-05-16 18:08:52 | 000,006,144 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-11-10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011-11-10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011-11-09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011-11-09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011-10-30 17:32:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011-10-30 17:29:48 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011-09-07 16:15:38 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{6596491B-C5A4-45BF-82F5-9CAE4395FEFA} [2011-08-25 15:35:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011-08-25 15:35:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-08-25 15:35:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-08-25 15:35:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-08-25 15:35:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-08-25 15:28:29 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{E9FC6566-C268-447E-A116-CE22880844E7} [2011-08-25 15:21:34 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{F909B699-A991-4E74-BFB6-43C25955719C} [2011-08-25 15:16:57 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{3EBE915F-06EB-4305-8BC1-268BF35C9230} [2011-08-21 20:19:07 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2011-08-21 20:19:07 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2011-08-21 20:19:07 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2011-08-21 20:19:07 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2011-08-21 20:19:07 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-03-28 16:15:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-12-25 20:48:43 | 000,000,370 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-12-18 20:15:32 | 001,623,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010-09-25 13:28:05 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010-04-17 14:35:46 | 000,007,605 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\Resmon.ResmonCfg [2010-01-06 23:07:51 | 000,000,640 | RHS- | C] () -- C:\Users\Mateusz\ntuser.pol [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report >

OTL extras

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-08-25 16:51:02 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Mateusz\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,34% Memory free 8,00 Gb Paging File | 6,18 Gb Available in Paging File | 77,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 3,30 Gb Free Space | 2,95% Space Free | Partition Type: NTFS Drive E: | 37,27 Gb Total Space | 8,42 Gb Free Space | 22,58% Space Free | Partition Type: NTFS Computer Name: DOMINATOR | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PeaZip] -- Reg Error: Value error. Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PeaZip] -- Reg Error: Value error. Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0901050D-B11E-4D05-9CCB-D3A9EB28B1C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{09124FCF-DFE0-4198-89F0-9159BA8BFBC2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{0921F767-7664-45B8-9756-642A873E44C7}" = rport=137 | protocol=17 | dir=out | app=system | "{09303B6D-496E-4C9F-B84D-D505D462F2F1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{0BDA0D57-FFBE-4D09-AB77-9A387AE1CDBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0C146A2A-05F9-4AB1-BB2C-1FF83624B44E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{109F785C-A1B4-4563-A950-AAA1BB4BB07A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{114F6C12-9944-41C5-9762-4E5D764A9E02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{13CDA053-CE40-4F4A-B065-0B9E41AE5C9C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1907FF91-1E13-494C-BC1A-13CADE876724}" = lport=2869 | protocol=6 | dir=in | app=system | "{22751D27-6101-4030-8D4F-78182E1524C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23517525-DDF0-495D-AD8F-1BC44100B241}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2E1DC516-94E0-435D-880C-2BDEBC76ED4E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34616A98-E56F-4320-A267-CE1001C4A580}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{39BA9BC4-4369-4270-96F7-F288D0E63C0E}" = lport=10244 | protocol=6 | dir=in | app=system | "{3E610370-D709-44F7-8F34-6A30E2CC6235}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{429EF4AC-B6DA-4E7D-A0D8-109D865D032D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{435435DB-2C10-45F1-AADA-E9A040F4A286}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{46EC0493-D4EE-4887-AA29-B018FC523330}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{472F4940-30CD-463B-8FA1-CF4234C8FFF8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{477E679C-025F-4F86-A385-B8787BD87DAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5677A9B2-7C80-4660-A127-E7DD39994350}" = rport=10243 | protocol=6 | dir=out | app=system | "{582CF591-6A68-4D49-8DAF-CB937EC0A03F}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AA14908-B717-4626-9681-147BAA825D41}" = lport=138 | protocol=17 | dir=in | app=system | "{5B907E68-A39B-4AB9-937F-97B343225ECC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D339D5A-7CAA-494C-A989-044446009A26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F5A1BA7-0A7F-4306-BAB7-EA9633C7463E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{610BCD2C-4B9D-4F6A-BBE8-48FACC1C57D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{675E1CE3-5D64-4235-B82A-C26F58119713}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68A277C7-A962-44DD-8221-F2A0ED1CE378}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73223A11-BBFC-4111-920D-FD84E712F966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{74291CE3-5782-469D-AB47-5F4866419EC7}" = lport=10244 | protocol=6 | dir=in | app=system | "{7B938C8B-D6D0-46BA-8B9E-A03AA8F8D682}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7CF4D48A-6DA2-47C4-BB59-216604606816}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{86BF4C48-96D2-41E8-93A3-3B504900E39F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{882951E9-C8DC-40FC-8624-D1D2AFE991AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8DEDFD8F-A4AB-45B9-8C8E-7D73C47A8F24}" = lport=445 | protocol=6 | dir=in | app=system | "{8EDCB3E8-6E7D-4AAC-91D5-4D1435BB0487}" = lport=2869 | protocol=6 | dir=in | app=system | "{97CF7B3C-B2C6-49D9-82B6-8F269727330C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9BEAD34E-6D6D-4B8F-9353-FB4FEB45319B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1437AF6-5675-42E1-9E4F-F48A79573C2A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A82D49D1-A488-46DA-B525-86E4A875A9D9}" = lport=139 | protocol=6 | dir=in | app=system | "{B5978688-B48D-4A96-8CE3-BA069E0B7709}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B638686C-5F52-47DB-B2C7-41AE5A6E3EC6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B7B59E95-8960-4266-B0AD-459DF28F4A7F}" = rport=138 | protocol=17 | dir=out | app=system | "{B9481E93-5C21-4E87-99D0-BEC3A4BAC8E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BABBB5F1-7806-49E2-947A-D93DF485C551}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BBECA5F8-E896-4BB7-A084-57F6F8D397DB}" = rport=445 | protocol=6 | dir=out | app=system | "{C13437BB-D9E6-424F-BDDC-B591B61876D3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{CDB77C35-44D8-437D-99A4-7BE2E3185D83}" = rport=139 | protocol=6 | dir=out | app=system | "{CE2B4215-FE95-484B-8540-F9D1B5A999AB}" = lport=3390 | protocol=6 | dir=in | app=system | "{D0579F9C-C632-475D-97BC-A64A8A302F5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D79518EC-EB7F-48A1-994A-43215F9444E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DEB42F32-D7C9-48DE-928A-A2DCB4EFD196}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{DFE5F631-95DD-4682-B232-D304DD2CF32E}" = lport=137 | protocol=17 | dir=in | app=system | "{E000DD64-20B4-4837-B415-3660433EFC6C}" = lport=3390 | protocol=6 | dir=in | app=system | "{F26B6096-67E3-4A85-A29D-25E802406FEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D72A3D-C51E-4339-8D5D-5F21813376E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0303D4AA-5C46-4B81-B5D4-2D33722F7EE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{030B486A-8545-4394-AC8C-230DFE4BAC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{05127039-21F9-4331-8908-6548E42AC69C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0772FB22-150D-4C5C-BC50-45D9BAD02C94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{07E3093F-6DCB-492B-90B0-B2E72522D8BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0D268E1F-9473-41E5-A3E2-9C8FAFD44491}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{0D3AD6B4-AD9C-44CD-A127-74A9B4F9C286}" = protocol=17 | dir=in | app=d:\civ\beyond the sword\civ4beyondsword.exe | "{0DBAAE37-6887-492A-9A17-626ACC7E68A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0ED59E60-78BD-489A-A54B-4D30DAEC7522}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{11AB6FAB-0C2E-410D-9DA2-77DCEA8F8116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{12728AE6-1E28-4EFE-97F4-6EF661637AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1298869B-67DA-4A13-802D-E0089891B99B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{14ABE6DF-C7A8-41AF-9A99-688BB03EBF90}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{1610CF01-145C-4D9B-B8A3-3018AB551EA3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{162439FA-125C-4676-B5BB-4E744740FAB6}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\uplaybrowser.exe | "{197F5572-1D7B-42C1-B203-236E3D702D43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B242DE9-B4BF-43D0-B55F-2218843FFFF5}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{1BD12FA3-63CD-4D2C-8B6F-61D74A204C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{1D8ABE1B-886A-4D2C-9B1E-95451F115C9D}" = protocol=17 | dir=in | app=e:\gry\acr\acrsp.exe | "{21DF21B2-BE0C-4C50-B3B4-AF44409C38C6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{2383FCC4-6E0E-4ABF-B964-9BF220718C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{23A7E1C9-60FF-4A9C-802D-7CCE6C85BDD9}" = protocol=6 | dir=out | app=system | "{26CEC4E2-B1D7-4719-BEAE-CA1FFC49F0E0}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe | "{2912D2FC-C2EA-4D8C-A654-CC21FD1B0B5A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{2C9C332B-645A-4FD5-98C8-C7247405DB56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{2CB0C6FF-3E23-4277-A506-B5A11FF1D6B6}" = protocol=6 | dir=in | app=e:\gry\acr\acrsp.exe | "{3057A648-EE09-4FEA-8B70-76EF423467FF}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreedii.exe | "{3242C797-0C36-445E-A5CC-40F99D5FE12E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{32614DB6-EDCE-47E7-9B5C-2F200F49C0AE}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreedii.exe | "{32A103CA-38BF-4289-861F-0F0E808A9FFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3406138D-A744-4CBA-AA12-0E75CCF8E2B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3576AD24-4FCE-4B51-B233-33F5E029BF09}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{39AE5651-5DA9-4D2C-8C4F-4287C5F7E31D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3AC7D375-05C2-4BE1-B80A-34F2E5595F0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3F053F1A-8147-4DD0-9AE9-B943C02CABF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41043F3E-EC4A-47BA-9AEF-A2CB5029D460}" = protocol=17 | dir=in | app=d:\civ\civilization4.exe | "{42DE005F-D67D-43D3-B224-AF83631CDDAF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{43F04E41-42EF-4834-B889-D1A7F51BEE3A}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe | "{47166624-0D0C-4125-BEC7-41783FB9FA30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{47699880-08EB-4E7D-881A-1C90619B30F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{47E4A7A2-BB54-4B21-95A7-792BDECB2D4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{48991FD1-CA99-47C6-AFC8-787598C2857C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4DDF1711-5DE9-46BE-AEEA-31246FE5458E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4E0EFDCD-813C-40BF-826F-52A0EDFB73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{50D5C66D-DEC7-4AC6-B8DB-2077BF1CF627}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{517D343E-852E-4DE1-ABB7-0C7F23CDC05D}" = protocol=17 | dir=in | app=d:\civ\warlords\civ4warlords.exe | "{51F17D8D-57A4-4E82-820B-5AA825EA7A10}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5521BFBE-1AAF-4A28-B644-3FB3055589B1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{56678102-41EF-473F-A5B5-7A8E990260D4}" = protocol=17 | dir=in | app=e:\gry\acr\assassinscreedrevelations.exe | "{56FD5FD3-8373-4F01-ADC3-7096008614DF}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{594A72B9-FB4D-48D8-8F52-1C7631CAF656}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A8F8E4C-1562-4024-AB21-5F13180CAB48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5ACEBD06-3839-462B-AA1C-CBBBC5130447}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{5B8DEF7B-962D-4E92-8370-4B0CF430CAFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5F23C211-9073-4C1A-8DBE-29A5EB833FFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{609CF1A6-3FC6-453B-A540-545FA46EE2B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{644AD679-F148-4B31-AED5-FC7C97C32F1F}" = protocol=6 | dir=in | app=d:\gry\nfs\launcher.exe | "{67EB34C0-EDA4-443E-87D7-F8DEF5FCEF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{691FC9E9-5B90-48FD-9D2E-9033946C92BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{69D0B9C1-990D-4C6A-B17A-70F8D358A80D}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\uplaybrowser.exe | "{6B61C2C1-0B98-473C-B313-757E1C0980A5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe | "{6FFA9A5B-634D-4511-BA36-D2F71D6D1CCF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7006D5AD-3D3D-4DB4-9806-C6AFDFEEBC0D}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreedii.exe | "{76890A8B-0C4C-47D1-9AE0-AE46C7F87F27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76F6B397-CF06-43D9-966C-13515B4ACB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera next\opera.exe | "{78186F1A-13C7-4108-80A5-5EE6EA11EB54}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\uplaybrowser.exe | "{7839C448-DAAC-4956-A96C-AD52A48B3F35}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{79546E39-C80C-439D-8292-81B690B85D57}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{7CB21EDB-5015-4D24-B11E-88AEC7ED2ECF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7DBD62E2-0C4C-48B8-8953-63FF82A855C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7FC90D84-CCCA-4F69-A4F6-BBD76722DB81}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | "{7FE74F21-BBB0-4DB5-9673-DDF81F6600F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8176907F-0C68-4BE8-A28D-998D6A3B0E8E}" = protocol=6 | dir=in | app=d:\gry\bbc2\bfbc2updater.exe | "{85536E8F-4A0A-4E9B-8D0B-EEAC0EA3CE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8786557B-16A6-4BD9-8BAE-99721FAE75F3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8847E0B1-93A9-405A-B00F-7B881C50FD41}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{8A567BE4-C701-402C-9A72-F6F0DA8E4E52}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{8E58B298-EC00-4576-B069-0F5E787CFEE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{918949BA-EBF8-435A-A40A-00AB9BE84C18}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{9429B101-6D5A-4B8E-A7D6-CA8CCF6CB6EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{94C8A6F4-1BC1-42B4-83AE-D28A33980DAE}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\uplaybrowser.exe | "{957520D6-2E35-462B-B13A-C5225217997D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{96B9BBFE-B512-493F-B086-F746A65683EC}" = protocol=17 | dir=in | app=d:\gry\bbc2\bfbc2updater.exe | "{993B6B01-FDA1-4819-AC8A-5058BED1D667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9DE489CC-1061-4001-95D9-699365309B62}" = protocol=6 | dir=in | app=d:\programy\steam\steam.exe | "{9E2035E6-71FD-45FA-8565-FD15736E9DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{9FC786F6-0F7A-4125-BFD2-226E33C69B43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A0BE3144-D8FA-4F7D-BC89-F4454E9BEF1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A59ADE8F-2885-4D2D-8FF0-6F2C7923F234}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A6479DC5-9AE8-4F70-BB29-FB04D4836991}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A8FFD71D-88B0-4694-B8FA-236149C1A3A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF10E10B-1BEC-4C21-BB9F-C307C7DB2131}" = protocol=6 | dir=in | app=e:\gry\acr\assassinscreedrevelations.exe | "{B146CE84-C9BE-4FCA-8FC6-CDDD15D56CF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B1D46951-0472-44DB-AE1B-5A0555FAA835}" = protocol=17 | dir=in | app=c:\program files (x86)\opera next\opera.exe | "{B305A243-E477-4E64-ABD2-9663E9657DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B3B1BE60-EAD5-4B0D-8ADC-DC9C13788222}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreediigame.exe | "{B498D4C6-59D7-4347-9B82-ACFC7003E993}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe | "{B7342837-3D9A-4EB2-8584-C370A05FE465}" = protocol=6 | dir=in | app=e:\gry\acr\acrmp.exe | "{BA1D54DA-01AC-4609-B1B5-AB4C89A35482}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BA6696BA-B324-4929-99C0-2DBD7D9E184A}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreediigame.exe | "{BD7C4844-5A8F-488B-A036-61DD5D81FAA3}" = protocol=17 | dir=in | app=d:\programy\steam\steam.exe | "{BFF28E71-591E-4C45-ACDC-A53388A6719D}" = protocol=17 | dir=in | app=d:\gry\nfs\launcher.exe | "{BFF2CA3B-7648-4DB8-99AE-8E835C7488E0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{C0653146-B8B2-4C54-9CCB-B7338A48BADD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C4B43742-1613-42A7-B013-5EB75035AD5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C98BB227-7DAE-4551-A330-163272ED7F26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{CDC1B73C-ABBA-446A-AE0E-BBDB064A7DDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D0CEF564-1B03-477A-91A7-C93D5905C04F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D3429848-5CCD-416E-BBA7-9E1430B646AD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{D50B0102-5A49-4C99-A2C6-21C657D18B1F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{D5325241-2391-4711-9B35-4DE22684FE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D661C820-39D6-492D-960D-621E0630C9BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D8C03CD5-5670-4DCD-8B7B-542880D6C546}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D971D5AD-AE12-4E2A-9366-D04F368D01C9}" = protocol=6 | dir=in | app=d:\civ\civilization4.exe | "{DCE73102-2B74-4DC9-926E-BD2802CDC80C}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{E13185A6-FE03-451C-ACD1-229F7D3908D6}" = protocol=6 | dir=in | app=d:\civ\warlords\civ4warlords.exe | "{E55CE6CB-3298-4DBE-B676-5A74F338DBC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EC8D9A70-E164-4747-BBBC-9E5F65F629C5}" = protocol=6 | dir=in | app=d:\civ\beyond the sword\civ4beyondsword.exe | "{ED3F6931-D0AB-4E68-9FF5-ED8E9174B969}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreedii.exe | "{EFC51DE2-0433-405E-B96E-8CEDB82AFE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{F1C4E535-5F06-4206-8D7D-64525FF70AD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F587037D-A1B1-4405-A7FD-F747D1E28E7E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F5CE014F-41D2-44C5-88C1-A229B4C21C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{F5CF2E67-CF02-459E-810A-4C76244EA236}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F694AF3D-A7EB-4A83-9699-5B5B633B94DF}" = protocol=17 | dir=in | app=e:\gry\acr\acrmp.exe | "{FDC74819-599D-4DFB-8922-623C06B2FC0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{071C1FED-3AD7-4AA0-BA08-7D4638A38DBC}D:\fear 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe | "TCP Query User{113D02EF-00ED-4353-8DF6-7371B8396E4D}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{14988E9F-C20E-4BFC-9582-D331AC03D480}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{1FEF1EE6-9ACE-4E9D-BCC7-DBD14504F5AF}D:\gry\cs\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hlds.exe | "TCP Query User{22617693-A9E0-4A6B-A550-4233D6227F3E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{2E558B4A-CD0B-40D4-8BE5-5133844E4933}C:\program files (x86)\axesstel\axessmanager\axessmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\axesstel\axessmanager\axessmanager.exe | "TCP Query User{332283AD-8DA5-4DDC-BB91-8B31B7512A4C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{37BA57C2-C9B0-4430-A47D-FA1C425D75BC}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{3DC886F9-5BDC-4F3D-B974-A350C2E34E27}C:\program files (x86)\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "TCP Query User{461E1076-4CB1-4BCC-95F0-EDC447996619}D:\gry\fifa demo\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa demo\game\fifa.exe | "TCP Query User{5402A199-FE6F-47D0-9423-803D43E84B62}D:\gry\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\gry\shift 2 unleashed\shift2u.exe | "TCP Query User{663911C2-D12A-485C-9A4C-3C65BE49F758}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{6D888ADA-299C-4E25-ADB0-C6FB69F762BD}D:\gry\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "TCP Query User{6E4F0FFD-BD13-4B8C-A366-47CBD784B4F4}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe | "TCP Query User{6E63543A-90A2-4487-8D44-FCC971642FD6}D:\gry\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "TCP Query User{72BEF7FC-E947-484D-BD18-9EE332312D29}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | "TCP Query User{75C040FB-AAA9-4898-8AEF-93988554E691}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{8025E783-12DA-4B58-98C5-14375C3BC77C}D:\gry\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\gry\call of duty - black ops\blackops.exe | "TCP Query User{89906FF9-CF92-4E95-A028-4BBC97119E1D}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe | "TCP Query User{9C374CB6-7713-4E03-8DA8-ACD341BB1B9F}D:\download\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\download\counter-strike 1.6\counter-strike 1.6\hl.exe | "TCP Query User{9DE6D45B-1344-47AA-BE30-9E7A9872EAB4}C:\program files (x86)\axesstel\axessmanager\axessmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\axesstel\axessmanager\axessmanager.exe | "TCP Query User{9F878FEB-5E7F-4B80-866A-B6802A89BE00}D:\gry\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=d:\gry\medal of honor\binaries\moh.exe | "TCP Query User{B3C43AED-DC54-461A-845E-2F7F83CA8DE6}D:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe" = protocol=6 | dir=in | app=d:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe | "TCP Query User{BB731B8B-4723-4CAD-83E8-AB7DA0AE30E9}D:\gry\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=d:\gry\call of duty - black ops\blackopsmp.exe | "TCP Query User{CAB94D79-EB0B-44BB-B1F2-DAC884FCC4C5}D:\fear 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe | "TCP Query User{CD6B1821-942F-4256-8039-896424F843EF}D:\gry\fifa 10\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=d:\gry\fifa 10\fifa 10\fifa10.exe | "TCP Query User{E30B0044-6C5C-4A6B-81C2-D7941FE5B714}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "TCP Query User{E8566775-F523-46D7-9801-6CD2F0F82733}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{F24F1F17-22CD-4DCD-973F-636D8AABFFFD}D:\gry\nfs\nfs11.exe" = protocol=6 | dir=in | app=d:\gry\nfs\nfs11.exe | "TCP Query User{FA5FA2E6-564D-4960-9730-64AEBD4F975A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{FAF7D528-F47B-484B-BDD9-1413F902033B}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{FDFB656E-4F51-43A3-9762-CBCAD0EF58E0}D:\gry\cs\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hltv.exe | "UDP Query User{02CBB48E-5F73-4523-AC38-BCC149F06D62}D:\gry\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\gry\call of duty - black ops\blackops.exe | "UDP Query User{062E60A2-503C-4C01-9B61-BD2CD626507F}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{10AE6B12-6937-4130-A4E6-E115CE9B6208}D:\gry\cs\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hlds.exe | "UDP Query User{28E4EA01-5451-46C3-960C-68E1C4D32A6A}D:\gry\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=d:\gry\medal of honor\binaries\moh.exe | "UDP Query User{412698B7-6CEF-42A7-A62B-6A74B5EED234}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{44256523-FD3D-492C-B514-B69B3DE10294}D:\gry\cs\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hltv.exe | "UDP Query User{4B3E302E-E10C-4743-BB67-6419339A4108}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe | "UDP Query User{5D54A359-0976-4627-BE93-F74A25573A71}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{7A58C588-1DAE-44D7-A642-90E347CE869A}D:\gry\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=d:\gry\call of duty - black ops\blackopsmp.exe | "UDP Query User{83252613-7CB7-4857-B7EF-15214AB33D82}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{88005B2F-AD3F-463F-81AA-FC758587F378}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{8CAEB398-F34D-47BF-BEB9-A613BBC7CE4B}D:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe" = protocol=17 | dir=in | app=d:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe | "UDP Query User{8D36FB27-56B0-42B9-BF06-C9B8BAA92617}D:\download\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\download\counter-strike 1.6\counter-strike 1.6\hl.exe | "UDP Query User{8F531373-61E1-4DB4-8CCF-DEA38363BF22}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe | "UDP Query User{9600E239-D240-4F12-90DD-A3EEAD992F64}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{99BBAB16-7524-432E-AD0D-3D0A74B8384D}D:\gry\fifa 10\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=d:\gry\fifa 10\fifa 10\fifa10.exe | "UDP Query User{9A48BFC7-6B71-418C-8B0E-980E6B1A1FE2}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{B787BF37-69F4-4871-9A31-BCB3DA844575}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe | "UDP Query User{B818047B-9C80-4BA0-82BC-0283F25F50E3}C:\program files (x86)\axesstel\axessmanager\axessmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\axesstel\axessmanager\axessmanager.exe | "UDP Query User{BC283DBA-EF09-4A76-A43F-EE0BA202C6AD}D:\gry\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "UDP Query User{BD395C66-BA9A-4EAE-BAE5-D9F8115F252F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{C9300B82-913F-400C-99D9-D9564E47D835}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "UDP Query User{CDC95406-0CCD-41FC-B8BC-2C641ED4AA15}D:\gry\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\gry\shift 2 unleashed\shift2u.exe | "UDP Query User{D81D80B1-7D42-4E74-823F-4D6C3A13383C}D:\fear 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe | "UDP Query User{D8BE4A39-4DA9-4F20-88BE-A1D6D5F9FDBD}C:\program files (x86)\axesstel\axessmanager\axessmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\axesstel\axessmanager\axessmanager.exe | "UDP Query User{E43F6796-1536-4137-8D6E-52967E2C1D48}D:\fear 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe | "UDP Query User{E9A51136-E893-475A-B78D-5C664DCD99C7}D:\gry\nfs\nfs11.exe" = protocol=17 | dir=in | app=d:\gry\nfs\nfs11.exe | "UDP Query User{EA653D9C-FEDC-4E3F-AAD4-F88BAB638C13}D:\gry\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "UDP Query User{ECEC2C10-9E74-423B-AB98-DAC459656368}C:\program files (x86)\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "UDP Query User{EFBFC54D-595A-4CF4-A1B1-1A1C86285E69}D:\gry\fifa demo\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa demo\game\fifa.exe | "UDP Query User{F5864C7D-B8E5-4DAB-829E-1E46C788E9E3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{F66383EB-2F42-4F73-B89A-DA4DD6A059E4}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{11947265-738E-42D1-A9C6-CFD2D7FAE5BE}" = HP Deskjet Ink Adv 2060 K110 Badanie ulepszeń produktu "{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55198058-B9BD-4574-8CD0-1E4EC1240B90}" = HP Deskjet Ink Adv 2060 K110 Podstawowe oprogramowanie urządzenia "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem (10/05/2009 4.2) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.4) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Creative VF0260" = Creative Live! Cam Vista IM Driver (1.11.02.00) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1AB7827A-977F-4AF2-BD5D-F1D2E5BF73E5}" = Nokia Firmware RM-133 EMEA "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Pomoc "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2F672AB6-053A-4F23-855F-F57F7BFBA163}_is1" = WGA Remover version 1.0 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{376ec3e5-df9d-43df-b440-79646faa1147}" = Nero 9 Trial "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.2 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.3 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92DA4424-0CFB-44D1-A08B-B63D5D8BEFBC}_is1" = Phoenix Service Software 2010.8.4.41526 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.05 "{B52D7A21-03E5-4C0C-82FA-FD8EB4C92149}" = AxessManager "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) wersja v2011.build.49 "{BC85DD5F-1E88-4E38-B77F-0371DFD41045}" = Nero 7 Demo "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40963EC-223E-4E65-8CF0-A60E9A227245}_is1" = Prawo Jazdy ABCDT - egzamin wewnętrzny "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Alan Wake American Nightmare_is1" = Alan Wake American Nightmare "ALLPlayer_is1" = ALLPlayer V4.X "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Babylon" = Babylon "Browsers Protector" = Browsers Protector "Civilization V PL" = Civilization V PL "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "CWK" = CWK (Czasowy Wyłącznik Komputera) "CZATeriaKam" = CZATeriaKam 2.6.2 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FontCreator6_is1" = High-Logic FontCreator 6.5 "Fraps" = Fraps "funmoods" = Funmoods on IE and Chrome "Gadu-Gadu" = Gadu-Gadu 7.7 "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "HP Photo Creations" = HP Photo Creations "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "InstallShield_{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel "InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch "InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only) "ipla" = ipla 2.3.5 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3 Knife_is1" = Mp3 Knife 3.2 "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "Opera 11.64.1403" = Opera 11.64 "PartyPoker" = PartyPoker "PDF Editor 3" = PDF Editor 3 "PowerISO" = PowerISO "PunkBusterSvc" = PunkBuster Services "RealPlayer 15.0" = RealPlayer "Rockstar Games Social Club" = Rockstar Games Social Club "Searchqu Toolbar" = Searchqu Toolbar "SopCast" = SopCast 3.2.9 "StartSearch Toolbar" = StartSearch Toolbar 1.3 "TeamViewer 5" = TeamViewer 5 "UltraISO_is1" = UltraISO Premium V9.36 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.3 "vShare" = vShare Plugin "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "GG" = GG "Google Chrome" = Google Chrome [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-12 05:55:13 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-13 04:46:40 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-13 04:46:40 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-13 05:29:21 | Computer Name = Dominator | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-13 18:01:14 | Computer Name = Dominator | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 8.0.7600.16766, sygnatura czasowa: 0x4d65d5c3 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00480058 Identyfikator procesu powodującego błąd: 0x12bc Godzina uruchomienia aplikacji powodującej błąd: 0x01cc2a1566269464 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Internet Explorer\iexplore.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: a7a8d65c-9608-11e0-9736-00241ddd900f Error - 2011-06-14 06:17:21 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-14 06:17:21 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-14 07:49:20 | Computer Name = Dominator | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-15 09:22:02 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2011-06-15 09:22:02 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . [ Media Center Events ] Error - 2011-05-10 07:41:03 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 13:41:03 - Błąd podczas nawiązywania połączenia z Internetem. 13:41:03 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 07:41:45 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 13:41:32 - Błąd podczas nawiązywania połączenia z Internetem. 13:41:32 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 08:42:16 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 14:42:16 - Błąd podczas nawiązywania połączenia z Internetem. 14:42:16 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 08:42:46 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 14:42:45 - Błąd podczas nawiązywania połączenia z Internetem. 14:42:45 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 09:43:19 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 15:43:19 - Błąd podczas nawiązywania połączenia z Internetem. 15:43:19 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 09:43:52 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 15:43:48 - Błąd podczas nawiązywania połączenia z Internetem. 15:43:48 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 10:44:23 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 16:44:23 - Błąd podczas nawiązywania połączenia z Internetem. 16:44:23 - Nie można skontaktować się z serwerem.. Error - 2011-05-10 10:44:53 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 16:44:52 - Błąd podczas nawiązywania połączenia z Internetem. 16:44:52 - Nie można skontaktować się z serwerem.. Error - 2011-06-21 07:23:03 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 13:23:03 - Błąd podczas nawiązywania połączenia z Internetem. 13:23:03 - Nie można skontaktować się z serwerem.. Error - 2011-06-21 07:23:11 | Computer Name = Dominator | Source = MCUpdate | ID = 0 Description = 13:23:08 - Błąd podczas nawiązywania połączenia z Internetem. 13:23:08 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2012-08-23 09:30:51 | Computer Name = Dominator | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi eamonm z powodu następującego błędu: %%2 Error - 2012-08-23 09:34:58 | Computer Name = Dominator | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi eamonm z powodu następującego błędu: %%2 Error - 2012-08-24 05:00:22 | Computer Name = Dominator | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi eamonm z powodu następującego błędu: %%2 Error - 2012-08-24 13:09:58 | Computer Name = Dominator | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi eamonm z powodu następującego błędu: %%2 Error - 2012-08-25 09:51:03 | Computer Name = Dominator | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi eamonm z powodu następującego błędu: %%2 Error - 2012-08-25 10:17:59 | Computer Name = Dominator | Source = Service Control Manager | ID = 7034 Description = Usługa Portrait Displays Display Tune Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-08-25 10:21:50 | Computer Name = Dominator | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2012-08-25 10:24:13 | Computer Name = Dominator | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2012-08-25 10:24:13 | Computer Name = Dominator | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2012-08-25 10:25:09 | Computer Name = Dominator | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. < End of report >

GMER:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-25 17:40:03 Windows 6.1.7600 Running: p04g33zm.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8F 0xE7 0xF7 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0x2A 0x8B 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x57 0x38 0xD8 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x4F 0x31 0x17 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8F 0xE7 0xF7 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x24 0x2A 0x8B 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x57 0x38 0xD8 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x4F 0x31 0x17 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Gry\Battlefield 3\x2122\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe 1 ---- EOF - GMER 1.0.15 ----

**Posty:** 72 · przez **ytaszey** 25 Sie 2012, 19:02

Użyj AdwCleaner (opcja Delete).
Po wszystkim pokazujesz nowy log Skanuj i raport z AdwCleaner.

Autor postu otrzymał pochwałę

**Posty:** 1495 · przez **Buszinio** 25 Sie 2012, 19:43

Kod: Zaznacz wszystko: # AdwCleaner v1.801 - Logfile created 08/25/2012 at 19:38:03 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Ultimate (64 bits) # User : Mateusz - DOMINATOR # Boot Mode : Normal # Running from : C:\Users\Mateusz\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Mateusz\AppData\Local\Babylon Folder Deleted : C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Folder Deleted : C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki Folder Deleted : C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc Folder Deleted : C:\Users\Mateusz\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Mateusz\AppData\Local\Winamp Toolbar Folder Deleted : C:\Users\Mateusz\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Mateusz\AppData\LocalLow\facemoods.com Folder Deleted : C:\Users\Mateusz\AppData\LocalLow\Funmoods Folder Deleted : C:\Users\Mateusz\AppData\LocalLow\Searchqutoolbar Folder Deleted : C:\Users\Mateusz\AppData\LocalLow\vShare Folder Deleted : C:\Users\Mateusz\AppData\Roaming\Babylon Folder Deleted : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\Searchqutoolbar Folder Deleted : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Folder Deleted : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\extensions\plugin@yontoo.com Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\Winamp Toolbar Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon Folder Deleted : C:\Program Files\Babylon Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Babylon Folder Deleted : C:\Program Files (x86)\Browsers Protector Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar Folder Deleted : C:\Program Files (x86)\Funmoods Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar Folder Deleted : C:\Program Files (x86)\vShare Folder Deleted : C:\Program Files (x86)\Winamp Toolbar Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\searchplugins\funmoods.xml File Deleted : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\searchplugins\Search_Results.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml File Deleted : C:\user.js ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Babylon Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Funmoods Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\vShare Key Deleted : HKCU\Software\Winamp Toolbar Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\BabyDict Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\f Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Funmoods Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Key Deleted : HKLM\SOFTWARE\Winamp Toolbar Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browsers Protector] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/?aff=1&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/?aff=1&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=vsl --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (pl) Profile name : default File : C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\prefs.js C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\1gwc3g7p.default\user.js ... Deleted ! Deleted : user_pref("extensions.funmoods_i.aflt", "vsl"); Deleted : user_pref("extensions.funmoods_i.dfltLng", ""); Deleted : user_pref("extensions.funmoods_i.dfltSrch", true); Deleted : user_pref("extensions.funmoods_i.dnsErr", true); Deleted : user_pref("extensions.funmoods_i.excTlbr", false); Deleted : user_pref("extensions.funmoods_i.hmpg", true); Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=vsl"); Deleted : user_pref("extensions.funmoods_i.id", "101edf4e000000000000001f1f31dd1f"); Deleted : user_pref("extensions.funmoods_i.instlDay", "15482"); Deleted : user_pref("extensions.funmoods_i.instlRef", ""); Deleted : user_pref("extensions.funmoods_i.newTab", true); Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=vsl"); Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods"); Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods"); Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search"); Deleted : user_pref("extensions.funmoods_i.tlbrId", "base"); Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=vsl&q=")[...] Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16"); Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1615:14:34"); Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16"); -\\ Google Chrome v21.0.1180.83 File : C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "homepage" : "hxxp://www.searchnu.com/406", Deleted : "hxxp://www.searchnu.com/406", Deleted : "hxxp://start.funmoods.com/?f=1&a=vsl" Deleted : "name" : "Search Results", Deleted : "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={sear[...] Deleted : "hxxp://start.funmoods.com/", Deleted : "hxxp://start.funmoods.com/", Deleted : "hxxp://reports.funmoods.com/", Deleted : "hxxp://start.funmoods.com/", Deleted : "description" : "StartSearch Video plug-in", Deleted : "name" : "StartSearch Video plug-in", Deleted : "path" : "chvsharetvplg.dll", Deleted : "path" : "C:\\Program Files (x86)\\Searchqu Toolbar\\Datamngr\\ChromeExtension", Deleted : "description" : "Babylon tool translates texts from within your Google Chrome in[...] Deleted : "128" : "babylon48.png", Deleted : "48" : "babylon48.png" Deleted : "name" : "Babylon Translator", Deleted : "path" : "BabylonChromePI.dll", Deleted : "default_icon" : "funmoods/img/16.png", Deleted : "default_popup" : "funmoods/dropdown.html", Deleted : "128" : "funmoods/img/128.png", Deleted : "32" : "funmoods/img/32.png", Deleted : "48" : "funmoods/img/48.png" Deleted : "name" : "Funmoods", Deleted : "update_url" : "hxxp://funmoods.com/public/download/chrome/update.xml", Deleted : "homepage" : "hxxp://www.searchnu.com/406", Deleted : "name" : "StartSearch Video plug-in", Deleted : "path" : "C:\\Users\\Mateusz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Ex[...] Deleted : "name" : "StartSearch Video plug-in" Deleted : "name" : "Babylon Chrome Plugin", Deleted : "path" : "C:\\Users\\Mateusz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Ex[...] Deleted : "name" : "Babylon Chrome Plugin" Deleted : "path" : "C:\\Users\\Mateusz\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D[...] Deleted : "hxxp://www.searchnu.com/406", Deleted : "hxxp://start.funmoods.com/?f=1&a=vsl" -\\ Opera v11.64.1403.0 File : C:\Users\Mateusz\AppData\Roaming\Opera\Opera\operaprefs.ini Deleted : Home URL=hxxp://www.searchnu.com/406 Deleted : application/vnd.unity=6,,C:\Users\Mateusz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,Un[...] ************************* AdwCleaner[S1].txt - [29006 octets] - [25/08/2012 19:38:03] ########## EOF - C:\AdwCleaner[S1].txt - [29135 octets] ##########

Wygląda na to, że juz po sprawie... Dzięki wielkie.

**Posty:** 72 · przez **ytaszey** 25 Sie 2012, 20:55

Uruchom AdwCleaner i kliknij Uninstall, aby usunąć AdwCleaner.
Wykonaj nowy log OTL z opcji Skanuj, może coś jeszcze zostało.
Nie ma za co.
Pozdrawiam.