Polish police cybercrime virus

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Buszinio, 26 Nov 2012, 22:04

Hello! I caught a virus that is very popular right now, and I probably don't need to describe what is happening to the computer, since the details are pretty much known to everyone. Thanks in advance for the help. Logs:

OTL
Code:
OTL logfile created on: 2012-11-26 21:00:18 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Download
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,17% Memory free
8,00 Gb Paging File | 7,16 Gb Available in Paging File | 89,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 26,01 Gb Free Space | 23,27% Space Free | Partition Type: NTFS
Drive E: | 37,27 Gb Total Space | 1,93 Gb Free Space | 5,18% Space Free | Partition Type: NTFS

Computer Name: DOMINATOR | User Name: Mateusz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-11-26 20:53:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Download\OTL.exe
PRC - [2012-10-26 23:23:50 | 000,917,984 | ---- | M] (Mozilla Corporation) -- E:\Mozilla\firefox.exe
PRC - [2012-10-26 23:23:49 | 000,016,864 | ---- | M] (Mozilla Corporation) -- E:\Mozilla\plugin-container.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-10-26 23:23:50 | 002,295,264 | ---- | M] () -- E:\Mozilla\mozjs.dll
MOD - [2012-02-29 15:33:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-11-10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011-11-09 22:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-26 23:23:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-07 19:42:10 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-08-25 15:04:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010-01-12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007-04-25 12:34:44 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-09-12 17:29:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-11-10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011-11-10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011-11-10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011-08-25 15:04:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2011-08-25 15:04:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2011-06-24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:[b]64bit:[/b] - [2010-12-02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2010-12-02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:[b]64bit:[/b] - [2010-04-12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2010-02-26 13:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:[b]64bit:[/b] - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009-11-12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:[b]64bit:[/b] - [2009-09-23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:[b]64bit:[/b] - [2009-07-14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-12-25 10:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2007-07-18 10:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)
DRV:[b]64bit:[/b] - [2007-04-20 07:22:34 | 000,073,440 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CoachUsb.sys -- (CoachUsb)
DRV:[b]64bit:[/b] - [2007-04-20 07:22:34 | 000,066,336 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CoachVid.sys -- (CoachVid)
DRV:[b]64bit:[/b] - [2006-11-16 17:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pdiports.sys -- (PdiPorts)
DRV:[b]64bit:[/b] - [2006-08-29 15:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prodigy.sys -- (PRODIGY)
DRV - [2012-11-26 20:41:49 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-01-29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{848F1555-0090-4524-ACB1-F6850E321048}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f&q={searchTerms}
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{848F1555-0090-4524-ACB1-F6850E321048}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{B15F5A73-F27E-4343-9EF3-929C8E06F4F2}: "URL" = http://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms}
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mateusz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mateusz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-03 14:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Mozilla\components [2012-10-26 23:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Mozilla\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012-08-24 20:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions
[2012-10-23 21:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\588dk0vt.default\extensions
[2012-10-13 16:25:08 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\588dk0vt.default\extensions\battlefieldplay4free@ea.com
[2012-09-09 23:37:43 | 000,005,151 | ---- | M] () (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\firefox\profiles\588dk0vt.default\extensions\504d19f8cd381@504d19f8cd3bb.info.xpi

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: GanymedeNet.Detector (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\plugins\npganymedenet.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mateusz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012-08-25 15:25:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WGA Remover] C:\Program Files (x86)\WGA Remover\wgaremover.exe ()
O4 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:[b]64bit:[/b] - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mateusz\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mateusz\Desktop\PartyPoker.lnk ()
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C9F871-0C67-48FA-9729-81597CA5A5B0}: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B070AA7D-7E70-4FC3-B034-869D717E9DF0}: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF06718D-CAC3-4384-B64C-8848045460B8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D02B2CD1-C0D3-4636-B9A3-DB9D201C607B}: DhcpNameServer = 192.168.1.100
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-11-26 20:15:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012-11-17 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012-11-17 19:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012-11-17 14:54:22 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Programs
[2012-11-12 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\hist
[2012-11-07 23:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012-11-07 22:47:40 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Boss Media
[2012-11-07 22:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Boss Media
[2012-11-07 22:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bet-at-home.com Poker
[2012-11-07 22:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bet-at-home.com Poker
[2012-11-07 15:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012-11-07 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2012-10-29 13:51:43 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\historia
[2012-10-29 11:53:38 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Documents\MOHW_DayOnePatch_PC
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-11-26 20:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-26 20:46:26 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012-11-26 20:41:57 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-26 20:41:49 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012-11-26 20:15:13 | 000,000,808 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-11-26 20:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012-11-26 19:36:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-26 19:23:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2247349209-3091610151-10017335-1000UA.job
[2012-11-26 19:00:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-26 19:00:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-25 22:23:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2247349209-3091610151-10017335-1000Core.job
[2012-11-18 12:45:15 | 000,434,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-11-17 19:45:11 | 000,001,642 | ---- | M] () -- C:\Users\Mateusz\Desktop\BLACK OPS 2.lnk
[2012-11-09 13:20:54 | 001,672,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-09 13:20:54 | 000,741,328 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-11-09 13:20:54 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-09 13:20:54 | 000,155,924 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-11-09 13:20:54 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-11-07 22:47:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\bet-at-home.com Poker.lnk
[2012-11-07 15:59:55 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\Football Manager 2013.lnk
[2012-11-02 15:14:00 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-11-02 15:14:00 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-11-02 15:13:54 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-11-26 20:15:13 | 000,000,808 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-11-26 20:15:11 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012-11-17 18:28:52 | 000,001,642 | ---- | C] () -- C:\Users\Mateusz\Desktop\BLACK OPS 2.lnk
[2012-11-07 22:47:29 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\bet-at-home.com Poker.lnk
[2012-11-07 15:59:55 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2013.lnk
[2012-10-05 20:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012-06-27 13:01:20 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2012-05-16 17:08:52 | 000,006,144 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-11-10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-11-09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-11-09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-10-30 16:32:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011-10-30 16:29:48 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-09-07 15:15:38 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{6596491B-C5A4-45BF-82F5-9CAE4395FEFA}
[2011-08-25 14:35:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-08-25 14:35:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-08-25 14:35:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-08-25 14:35:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-08-25 14:35:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-08-25 14:28:29 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{E9FC6566-C268-447E-A116-CE22880844E7}
[2011-08-25 14:21:34 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{F909B699-A991-4E74-BFB6-43C25955719C}
[2011-08-25 14:16:57 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\{3EBE915F-06EB-4305-8BC1-268BF35C9230}
[2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-28 15:15:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-12-25 19:48:43 | 000,000,370 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-12-18 19:15:32 | 001,647,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-04-17 13:35:46 | 000,007,605 | ---- | C] () -- C:\Users\Mateusz\AppData\Local\Resmon.ResmonCfg
[2010-01-06 22:07:51 | 000,000,640 | RHS- | C] () -- C:\Users\Mateusz\ntuser.pol

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-11-26 20:11:41 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\.minecraft
[2012-06-27 13:01:28 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\CAD-KAS
[2010-09-25 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Canneverbe Limited
[2011-08-03 13:31:22 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Cream Software
[2012-11-17 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\DAEMON Tools Lite
[2011-06-21 10:33:35 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Day 1 Studios
[2010-08-17 15:15:01 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\fltk.org
[2012-05-17 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\FontCreator
[2010-01-02 17:12:22 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Gadu-Gadu
[2011-08-03 13:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\GameRanger
[2011-11-29 21:44:11 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\GanymedeNet
[2012-11-10 15:29:58 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\GG
[2011-12-21 10:47:55 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\ipla
[2010-03-11 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\IrfanView
[2010-10-02 12:22:30 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Leadertech
[2012-09-07 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Nalax
[2011-01-15 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Nokia
[2010-01-27 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\OpenOffice.org
[2011-10-13 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Opera
[2012-09-27 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Party
[2011-10-08 16:13:08 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\PC Suite
[2011-06-21 09:54:45 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\PeaZip
[2011-12-31 13:07:06 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\PunkBuster
[2012-11-07 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Sports Interactive
[2011-02-20 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\TeamViewer
[2010-06-14 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\The Creative Assembly
[2012-06-27 13:43:54 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Thinstall
[2010-03-09 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Ubisoft
[2010-03-24 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Unity
[2012-09-03 20:08:44 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Uskaiq
[2012-11-21 23:08:06 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\uTorrent
[2012-09-21 10:34:27 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Zekiy

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


Extras
OTL Extras logfile created on: 2012-11-26 21:04:31 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Download
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 74,81% Memory free
8,00 Gb Paging File | 7,12 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 26,01 Gb Free Space | 23,27% Space Free | Partition Type: NTFS
Drive E: | 37,27 Gb Total Space | 1,93 Gb Free Space | 5,18% Space Free | Partition Type: NTFS

Computer Name: DOMINATOR | User Name: Mateusz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0901050D-B11E-4D05-9CCB-D3A9EB28B1C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09124FCF-DFE0-4198-89F0-9159BA8BFBC2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0921F767-7664-45B8-9756-642A873E44C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{09303B6D-496E-4C9F-B84D-D505D462F2F1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{0BDA0D57-FFBE-4D09-AB77-9A387AE1CDBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C146A2A-05F9-4AB1-BB2C-1FF83624B44E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{109F785C-A1B4-4563-A950-AAA1BB4BB07A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{114F6C12-9944-41C5-9762-4E5D764A9E02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13CDA053-CE40-4F4A-B065-0B9E41AE5C9C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1907FF91-1E13-494C-BC1A-13CADE876724}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22751D27-6101-4030-8D4F-78182E1524C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23517525-DDF0-495D-AD8F-1BC44100B241}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E1DC516-94E0-435D-880C-2BDEBC76ED4E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34616A98-E56F-4320-A267-CE1001C4A580}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{39BA9BC4-4369-4270-96F7-F288D0E63C0E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3E610370-D709-44F7-8F34-6A30E2CC6235}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{429EF4AC-B6DA-4E7D-A0D8-109D865D032D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{435435DB-2C10-45F1-AADA-E9A040F4A286}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46EC0493-D4EE-4887-AA29-B018FC523330}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{472F4940-30CD-463B-8FA1-CF4234C8FFF8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{477E679C-025F-4F86-A385-B8787BD87DAF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5677A9B2-7C80-4660-A127-E7DD39994350}" = rport=10243 | protocol=6 | dir=out | app=system |
"{582CF591-6A68-4D49-8DAF-CB937EC0A03F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5AA14908-B717-4626-9681-147BAA825D41}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B907E68-A39B-4AB9-937F-97B343225ECC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D339D5A-7CAA-494C-A989-044446009A26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5EA18557-CA30-4C58-9A1A-6EA8E36FC508}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{5F5A1BA7-0A7F-4306-BAB7-EA9633C7463E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{610BCD2C-4B9D-4F6A-BBE8-48FACC1C57D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{675E1CE3-5D64-4235-B82A-C26F58119713}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68A277C7-A962-44DD-8221-F2A0ED1CE378}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73223A11-BBFC-4111-920D-FD84E712F966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74291CE3-5782-469D-AB47-5F4866419EC7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7B938C8B-D6D0-46BA-8B9E-A03AA8F8D682}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CF4D48A-6DA2-47C4-BB59-216604606816}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86BF4C48-96D2-41E8-93A3-3B504900E39F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{882951E9-C8DC-40FC-8624-D1D2AFE991AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A8C56CB-0026-493B-A06A-AA9A38591D59}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8DEDFD8F-A4AB-45B9-8C8E-7D73C47A8F24}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EDCB3E8-6E7D-4AAC-91D5-4D1435BB0487}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97CF7B3C-B2C6-49D9-82B6-8F269727330C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BEAD34E-6D6D-4B8F-9353-FB4FEB45319B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0C2C3FC-8FCE-46D2-9504-E074AC7508D6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A1437AF6-5675-42E1-9E4F-F48A79573C2A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A82D49D1-A488-46DA-B525-86E4A875A9D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1FBCFEC-E4AD-4EF2-A506-8EF7567ACAA8}" = lport=1043 | protocol=6 | dir=in | name=akamai netsession interface |
"{B5978688-B48D-4A96-8CE3-BA069E0B7709}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B638686C-5F52-47DB-B2C7-41AE5A6E3EC6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B7B59E95-8960-4266-B0AD-459DF28F4A7F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9481E93-5C21-4E87-99D0-BEC3A4BAC8E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BABBB5F1-7806-49E2-947A-D93DF485C551}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBECA5F8-E896-4BB7-A084-57F6F8D397DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{C13437BB-D9E6-424F-BDDC-B591B61876D3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C4F0EFD3-E5E8-4CB6-BF18-A04241097B95}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{CDB77C35-44D8-437D-99A4-7BE2E3185D83}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE2B4215-FE95-484B-8540-F9D1B5A999AB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D0579F9C-C632-475D-97BC-A64A8A302F5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D79518EC-EB7F-48A1-994A-43215F9444E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEB42F32-D7C9-48DE-928A-A2DCB4EFD196}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DFE5F631-95DD-4682-B232-D304DD2CF32E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E000DD64-20B4-4837-B415-3660433EFC6C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F26B6096-67E3-4A85-A29D-25E802406FEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FE3E00-61A8-42CA-955F-5D251BC471E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02D72A3D-C51E-4339-8D5D-5F21813376E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0303D4AA-5C46-4B81-B5D4-2D33722F7EE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{030B486A-8545-4394-AC8C-230DFE4BAC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{05127039-21F9-4331-8908-6548E42AC69C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05D4138B-3592-4E25-91AA-3B4DA9ACD32C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0772FB22-150D-4C5C-BC50-45D9BAD02C94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07E3093F-6DCB-492B-90B0-B2E72522D8BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0920B0C7-B713-47AE-ABD0-A6E3BE48E768}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D0B22B9-A8A4-4C57-923D-96257ECDB71B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D268E1F-9473-41E5-A3E2-9C8FAFD44491}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0D3AD6B4-AD9C-44CD-A127-74A9B4F9C286}" = protocol=17 | dir=in | app=d:\civ\beyond the sword\civ4beyondsword.exe |
"{0DBAAE37-6887-492A-9A17-626ACC7E68A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0ED59E60-78BD-489A-A54B-4D30DAEC7522}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11AB6FAB-0C2E-410D-9DA2-77DCEA8F8116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{12728AE6-1E28-4EFE-97F4-6EF661637AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1298869B-67DA-4A13-802D-E0089891B99B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{14ABE6DF-C7A8-41AF-9A99-688BB03EBF90}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{15085EC5-5FAC-4211-A929-4649DD3F2BAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15739028-EC25-4239-A487-A1C77DCC8EEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1610CF01-145C-4D9B-B8A3-3018AB551EA3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{162439FA-125C-4676-B5BB-4E744740FAB6}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{1779CE06-B15C-45CC-A865-E92CE77E34D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{197F5572-1D7B-42C1-B203-236E3D702D43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B242DE9-B4BF-43D0-B55F-2218843FFFF5}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{1F43172F-126C-4BBC-85B1-19B863732F69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21DF21B2-BE0C-4C50-B3B4-AF44409C38C6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2241CA82-2E7F-4947-81E5-B3D06B8D2802}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2383FCC4-6E0E-4ABF-B964-9BF220718C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23A7E1C9-60FF-4A9C-802D-7CCE6C85BDD9}" = protocol=6 | dir=out | app=system |
"{26CEC4E2-B1D7-4719-BEAE-CA1FFC49F0E0}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe |
"{2C9C332B-645A-4FD5-98C8-C7247405DB56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{3057A648-EE09-4FEA-8B70-76EF423467FF}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{3242C797-0C36-445E-A5CC-40F99D5FE12E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{32614DB6-EDCE-47E7-9B5C-2F200F49C0AE}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreedii.exe |
"{32A103CA-38BF-4289-861F-0F0E808A9FFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3406138D-A744-4CBA-AA12-0E75CCF8E2B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3576AD24-4FCE-4B51-B233-33F5E029BF09}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35D502D5-78BA-4448-91DF-69B592577528}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39AE5651-5DA9-4D2C-8C4F-4287C5F7E31D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3AC7D375-05C2-4BE1-B80A-34F2E5595F0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D84EA62-59ED-4FDA-9FB1-7EA2915D77CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F053F1A-8147-4DD0-9AE9-B943C02CABF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41043F3E-EC4A-47BA-9AEF-A2CB5029D460}" = protocol=17 | dir=in | app=d:\civ\civilization4.exe |
"{419E60AC-229C-4A89-9AB2-2A13C45B63A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{42DE005F-D67D-43D3-B224-AF83631CDDAF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{43F04E41-42EF-4834-B889-D1A7F51BEE3A}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe |
"{47166624-0D0C-4125-BEC7-41783FB9FA30}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47699880-08EB-4E7D-881A-1C90619B30F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{47E4A7A2-BB54-4B21-95A7-792BDECB2D4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{490864BC-A39D-4CF9-92BF-74368548ADFB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{49BDDE3A-3435-4545-BCA2-0CD780554B1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4BE69F68-9A24-4137-BE18-F9A091B44E3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C0DC653-17B5-4467-A06C-3D9D3DC2AF5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4DDF1711-5DE9-46BE-AEEA-31246FE5458E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E0EFDCD-813C-40BF-826F-52A0EDFB73CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{50D5C66D-DEC7-4AC6-B8DB-2077BF1CF627}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{517D343E-852E-4DE1-ABB7-0C7F23CDC05D}" = protocol=17 | dir=in | app=d:\civ\warlords\civ4warlords.exe |
"{51F17D8D-57A4-4E82-820B-5AA825EA7A10}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{52FA064F-3A10-410A-8D4A-D60A8801542A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{53C81435-2660-4F06-AFE6-F3A40581C2A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{56FD5FD3-8373-4F01-ADC3-7096008614DF}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{583B723B-C62A-4036-867C-C9C4CF9658FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{594A72B9-FB4D-48D8-8F52-1C7631CAF656}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5A8F8E4C-1562-4024-AB21-5F13180CAB48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5ACEBD06-3839-462B-AA1C-CBBBC5130447}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5B8DEF7B-962D-4E92-8370-4B0CF430CAFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F23C211-9073-4C1A-8DBE-29A5EB833FFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{609CF1A6-3FC6-453B-A540-545FA46EE2B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63725847-B49A-4A62-BE93-FBA4ABD2F537}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{637EF80A-77AC-423E-8B47-75DED4DA316C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{63B18954-8B04-4D42-88EC-65A842E663E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{644AD679-F148-4B31-AED5-FC7C97C32F1F}" = protocol=6 | dir=in | app=d:\gry\nfs\launcher.exe |
"{67EB34C0-EDA4-443E-87D7-F8DEF5FCEF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{68DED9AD-D1F9-4EE7-80E8-28207B094B05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{691FC9E9-5B90-48FD-9D2E-9033946C92BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69D0B9C1-990D-4C6A-B17A-70F8D358A80D}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\uplaybrowser.exe |
"{6B61C2C1-0B98-473C-B313-757E1C0980A5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{6F0053D2-B81E-4B0B-B20F-886C21326B81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FFA9A5B-634D-4511-BA36-D2F71D6D1CCF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7006D5AD-3D3D-4DB4-9806-C6AFDFEEBC0D}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{76890A8B-0C4C-47D1-9AE0-AE46C7F87F27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7696D5FA-CF99-4470-9DB3-78D0C2E3C31E}" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |
"{78186F1A-13C7-4108-80A5-5EE6EA11EB54}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{7839C448-DAAC-4956-A96C-AD52A48B3F35}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{79546E39-C80C-439D-8292-81B690B85D57}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7A780595-E46C-480C-A67A-AE0F9D591D4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C8EFD63-61AD-436C-9AE0-73C9E2F856D3}" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |
"{7CB21EDB-5015-4D24-B11E-88AEC7ED2ECF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D567E36-994C-45AB-B964-EFF71DC2F5CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DBA66DC-7AE9-4557-8540-139AC8501A66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DBD62E2-0C4C-48B8-8953-63FF82A855C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7E43F1CA-91CB-4C95-92A7-428C71E10A57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FE74F21-BBB0-4DB5-9673-DDF81F6600F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8176907F-0C68-4BE8-A28D-998D6A3B0E8E}" = protocol=6 | dir=in | app=d:\gry\bbc2\bfbc2updater.exe |
"{82C03619-5026-4207-8699-6AD650E7B6A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8341E158-DBF2-4CAD-99A0-78641FF23A83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84DBC2EB-D9D8-4C6A-8041-3EA2EB891BFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85536E8F-4A0A-4E9B-8D0B-EEAC0EA3CE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{866726C1-A538-4569-B9A6-7B3E75DC8DDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8786557B-16A6-4BD9-8BAE-99721FAE75F3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8847E0B1-93A9-405A-B00F-7B881C50FD41}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{8A567BE4-C701-402C-9A72-F6F0DA8E4E52}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{8DA91CA3-38C9-4F0E-9A77-04B8BAA30AA7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DF03896-F2E6-4171-92C3-10851D4953DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E58B298-EC00-4576-B069-0F5E787CFEE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8EB42974-1AA3-4AC4-A016-9BE3940B20E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{915E9C8C-CF4A-4970-AC1E-0D8AA6205126}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{918949BA-EBF8-435A-A40A-00AB9BE84C18}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{9429B101-6D5A-4B8E-A7D6-CA8CCF6CB6EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94C11F7F-F136-4688-A1A0-CF9C63F35762}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94C8A6F4-1BC1-42B4-83AE-D28A33980DAE}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\uplaybrowser.exe |
"{957520D6-2E35-462B-B13A-C5225217997D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{96B9BBFE-B512-493F-B086-F746A65683EC}" = protocol=17 | dir=in | app=d:\gry\bbc2\bfbc2updater.exe |
"{97144FE8-E32E-4DCE-A961-56A3FB0C30D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{993B6B01-FDA1-4819-AC8A-5058BED1D667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9BE66630-FF93-4BF1-A7CD-270D85C66016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9DE489CC-1061-4001-95D9-699365309B62}" = protocol=6 | dir=in | app=d:\programy\steam\steam.exe |
"{9FC786F6-0F7A-4125-BFD2-226E33C69B43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0BE3144-D8FA-4F7D-BC89-F4454E9BEF1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3A9F4B8-005A-4A5F-8A2A-DA62CF985BDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4BE94C6-E806-495C-968B-F0E430D64EC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A59ADE8F-2885-4D2D-8FF0-6F2C7923F234}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6479DC5-9AE8-4F70-BB29-FB04D4836991}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8FFD71D-88B0-4694-B8FA-236149C1A3A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAAD33A2-1856-444D-A9AB-E74619A82DA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2E90CC4-0355-445F-A9A4-A95B9F3E8B95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B305A243-E477-4E64-ABD2-9663E9657DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3B1BE60-EAD5-4B0D-8ADC-DC9C13788222}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreediigame.exe |
"{B498D4C6-59D7-4347-9B82-ACFC7003E993}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{BA1D54DA-01AC-4609-B1B5-AB4C89A35482}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA6696BA-B324-4929-99C0-2DBD7D9E184A}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreediigame.exe |
"{BD7C4844-5A8F-488B-A036-61DD5D81FAA3}" = protocol=17 | dir=in | app=d:\programy\steam\steam.exe |
"{BFF28E71-591E-4C45-ACDC-A53388A6719D}" = protocol=17 | dir=in | app=d:\gry\nfs\launcher.exe |
"{BFF2CA3B-7648-4DB8-99AE-8E835C7488E0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C0653146-B8B2-4C54-9CCB-B7338A48BADD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C194253A-8E49-47EF-A1EC-ADBB4613DD5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C48C6B67-2975-433A-AA4A-C3CF53A965A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4B43742-1613-42A7-B013-5EB75035AD5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C7DBCDCC-3647-4691-AE75-FB2C568BF673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C98BB227-7DAE-4551-A330-163272ED7F26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CCBEF345-4170-4123-B042-9FA94A457940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDC1B73C-ABBA-446A-AE0E-BBDB064A7DDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0CEF564-1B03-477A-91A7-C93D5905C04F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3429848-5CCD-416E-BBA7-9E1430B646AD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D406F051-C2D3-4F3D-A38E-8E5B673E6E39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D50B0102-5A49-4C99-A2C6-21C657D18B1F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{D5325241-2391-4711-9B35-4DE22684FE67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D661C820-39D6-492D-960D-621E0630C9BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8C03CD5-5670-4DCD-8B7B-542880D6C546}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D95621C5-F749-448F-B462-68871B06B840}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D971D5AD-AE12-4E2A-9366-D04F368D01C9}" = protocol=6 | dir=in | app=d:\civ\civilization4.exe |
"{DC2CED70-2A99-4507-BB43-91DEAEC89DBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCE73102-2B74-4DC9-926E-BD2802CDC80C}" = protocol=17 | dir=in | app=d:\gry\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DED4C9C2-896E-47F0-ADE2-9BBA0AD2F4D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E13185A6-FE03-451C-ACD1-229F7D3908D6}" = protocol=6 | dir=in | app=d:\civ\warlords\civ4warlords.exe |
"{E3B34DBA-64DA-4BCB-9A7C-138B8ACAF9F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E55CE6CB-3298-4DBE-B676-5A74F338DBC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA1A3CD1-88E1-4B5E-97AB-B351A762D237}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC8D9A70-E164-4747-BBBC-9E5F65F629C5}" = protocol=6 | dir=in | app=d:\civ\beyond the sword\civ4beyondsword.exe |
"{ED0AFC89-DDAA-4807-9CA5-D8A319AD28BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ED3F6931-D0AB-4E68-9FF5-ED8E9174B969}" = protocol=6 | dir=in | app=d:\gry\ubisoft\assassin's creed 2\assassinscreedii.exe |
"{EFC51DE2-0433-405E-B96E-8CEDB82AFE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{F1C4E535-5F06-4206-8D7D-64525FF70AD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4068DE2-D441-445F-88FD-9EB15FC06868}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4BFAF6F-E5B7-4EF5-9C33-CD4BD2B3A838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F587037D-A1B1-4405-A7FD-F747D1E28E7E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5CE014F-41D2-44C5-88C1-A229B4C21C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{FDC74819-599D-4DFB-8922-623C06B2FC0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{03B37C69-1E06-44CC-A6E2-DA52CB8443BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{071C1FED-3AD7-4AA0-BA08-7D4638A38DBC}D:\fear 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe |
"TCP Query User{113D02EF-00ED-4353-8DF6-7371B8396E4D}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{1369D1ED-9536-491A-8C7B-9AD41EF63641}E:\gry\bfp4f.exe" = protocol=6 | dir=in | app=e:\gry\bfp4f.exe |
"TCP Query User{14988E9F-C20E-4BFC-9582-D331AC03D480}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{1FEF1EE6-9ACE-4E9D-BCC7-DBD14504F5AF}D:\gry\cs\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hlds.exe |
"TCP Query User{22617693-A9E0-4A6B-A550-4233D6227F3E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{332283AD-8DA5-4DDC-BB91-8B31B7512A4C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{37BA57C2-C9B0-4430-A47D-FA1C425D75BC}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{3DC886F9-5BDC-4F3D-B974-A350C2E34E27}C:\program files (x86)\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"TCP Query User{461E1076-4CB1-4BCC-95F0-EDC447996619}D:\gry\fifa demo\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa demo\game\fifa.exe |
"TCP Query User{5402A199-FE6F-47D0-9423-803D43E84B62}D:\gry\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\gry\shift 2 unleashed\shift2u.exe |
"TCP Query User{663911C2-D12A-485C-9A4C-3C65BE49F758}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{6D888ADA-299C-4E25-ADB0-C6FB69F762BD}D:\gry\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11\game\fifa.exe |
"TCP Query User{6E4F0FFD-BD13-4B8C-A366-47CBD784B4F4}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe |
"TCP Query User{6E63543A-90A2-4487-8D44-FCC971642FD6}D:\gry\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11\game\fifa.exe |
"TCP Query User{75C040FB-AAA9-4898-8AEF-93988554E691}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8025E783-12DA-4B58-98C5-14375C3BC77C}D:\gry\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\gry\call of duty - black ops\blackops.exe |
"TCP Query User{89906FF9-CF92-4E95-A028-4BBC97119E1D}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe |
"TCP Query User{9C374CB6-7713-4E03-8DA8-ACD341BB1B9F}D:\download\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\download\counter-strike 1.6\counter-strike 1.6\hl.exe |
"TCP Query User{9F878FEB-5E7F-4B80-866A-B6802A89BE00}D:\gry\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=d:\gry\medal of honor\binaries\moh.exe |
"TCP Query User{B3C43AED-DC54-461A-845E-2F7F83CA8DE6}D:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe" = protocol=6 | dir=in | app=d:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe |
"TCP Query User{BB731B8B-4723-4CAD-83E8-AB7DA0AE30E9}D:\gry\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=d:\gry\call of duty - black ops\blackopsmp.exe |
"TCP Query User{CAB94D79-EB0B-44BB-B1F2-DAC884FCC4C5}D:\fear 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe |
"TCP Query User{CD6B1821-942F-4256-8039-896424F843EF}D:\gry\fifa 10\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=d:\gry\fifa 10\fifa 10\fifa10.exe |
"TCP Query User{CEFC9E1D-D80B-4815-9762-5D8959B8A259}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"TCP Query User{E30B0044-6C5C-4A6B-81C2-D7941FE5B714}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"TCP Query User{E8566775-F523-46D7-9801-6CD2F0F82733}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{F24F1F17-22CD-4DCD-973F-636D8AABFFFD}D:\gry\nfs\nfs11.exe" = protocol=6 | dir=in | app=d:\gry\nfs\nfs11.exe |
"TCP Query User{FA5FA2E6-564D-4960-9730-64AEBD4F975A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{FAF7D528-F47B-484B-BDD9-1413F902033B}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{FDFB656E-4F51-43A3-9762-CBCAD0EF58E0}D:\gry\cs\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\gry\cs\counter-strike 1.6\hltv.exe |
"UDP Query User{02CBB48E-5F73-4523-AC38-BCC149F06D62}D:\gry\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\gry\call of duty - black ops\blackops.exe |
"UDP Query User{062E60A2-503C-4C01-9B61-BD2CD626507F}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{10AE6B12-6937-4130-A4E6-E115CE9B6208}D:\gry\cs\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hlds.exe |
"UDP Query User{28E4EA01-5451-46C3-960C-68E1C4D32A6A}D:\gry\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=d:\gry\medal of honor\binaries\moh.exe |
"UDP Query User{412698B7-6CEF-42A7-A62B-6A74B5EED234}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{44256523-FD3D-492C-B514-B69B3DE10294}D:\gry\cs\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hltv.exe |
"UDP Query User{4B3E302E-E10C-4743-BB67-6419339A4108}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe |
"UDP Query User{5D54A359-0976-4627-BE93-F74A25573A71}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{7A58C588-1DAE-44D7-A642-90E347CE869A}D:\gry\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=d:\gry\call of duty - black ops\blackopsmp.exe |
"UDP Query User{83252613-7CB7-4857-B7EF-15214AB33D82}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{88005B2F-AD3F-463F-81AA-FC758587F378}D:\gry\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gry\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{8CAEB398-F34D-47BF-BEB9-A613BBC7CE4B}D:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe" = protocol=17 | dir=in | app=d:\fovnfsu2hfsm\fovnfsu2hfsm\speed2.exe |
"UDP Query User{8D36FB27-56B0-42B9-BF06-C9B8BAA92617}D:\download\counter-strike 1.6\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\download\counter-strike 1.6\counter-strike 1.6\hl.exe |
"UDP Query User{8F531373-61E1-4DB4-8CCF-DEA38363BF22}D:\gry\cs\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\counter-strike 1.6\hl.exe |
"UDP Query User{9600E239-D240-4F12-90DD-A3EEAD992F64}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{99BBAB16-7524-432E-AD0D-3D0A74B8384D}D:\gry\fifa 10\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=d:\gry\fifa 10\fifa 10\fifa10.exe |
"UDP Query User{9A48BFC7-6B71-418C-8B0E-980E6B1A1FE2}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{BC283DBA-EF09-4A76-A43F-EE0BA202C6AD}D:\gry\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11\game\fifa.exe |
"UDP Query User{BD395C66-BA9A-4EAE-BAE5-D9F8115F252F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C9300B82-913F-400C-99D9-D9564E47D835}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"UDP Query User{CDC95406-0CCD-41FC-B8BC-2C641ED4AA15}D:\gry\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\gry\shift 2 unleashed\shift2u.exe |
"UDP Query User{D81D80B1-7D42-4E74-823F-4D6C3A13383C}D:\fear 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe |
"UDP Query User{DA4EEBCD-597D-4EDD-857F-555E8CB28BA8}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"UDP Query User{E43F6796-1536-4137-8D6E-52967E2C1D48}D:\fear 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\fear 3\f.e.a.r. 3.exe |
"UDP Query User{E9A51136-E893-475A-B78D-5C664DCD99C7}D:\gry\nfs\nfs11.exe" = protocol=17 | dir=in | app=d:\gry\nfs\nfs11.exe |
"UDP Query User{EA653D9C-FEDC-4E3F-AAD4-F88BAB638C13}D:\gry\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11\game\fifa.exe |
"UDP Query User{EB023C59-086D-4A1D-899F-D31C9C20B125}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{ECEC2C10-9E74-423B-AB98-DAC459656368}C:\program files (x86)\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"UDP Query User{EFBFC54D-595A-4CF4-A1B1-1A1C86285E69}D:\gry\fifa demo\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa demo\game\fifa.exe |
"UDP Query User{F5864C7D-B8E5-4DAB-829E-1E46C788E9E3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{F66383EB-2F42-4F73-B89A-DA4DD6A059E4}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{FE25D957-A870-4D46-B671-022043BD33CB}E:\gry\bfp4f.exe" = protocol=17 | dir=in | app=e:\gry\bfp4f.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{11947265-738E-42D1-A9C6-CFD2D7FAE5BE}" = HP Deskjet Ink Adv 2060 K110 Badanie ulepszeń produktu
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55198058-B9BD-4574-8CD0-1E4EC1240B90}" = HP Deskjet Ink Adv 2060 K110 Podstawowe oprogramowanie urządzenia
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem  (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.11.02.00)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"WinRAR archiver" = Archiwizator WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad
"{1AB7827A-977F-4AF2-BD5D-F1D2E5BF73E5}" = Nokia Firmware RM-133 EMEA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Pomoc
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F672AB6-053A-4F23-855F-F57F7BFBA163}_is1" = WGA Remover version 1.0
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{376ec3e5-df9d-43df-b440-79646faa1147}" = Nero 9 Trial
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.3
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92DA4424-0CFB-44D1-A08B-B63D5D8BEFBC}_is1" = Phoenix Service Software 2010.8.4.41526
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.05
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) wersja v2011.build.49
"{BC85DD5F-1E88-4E38-B77F-0371DFD41045}" = Nero 7 Demo
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40963EC-223E-4E65-8CF0-A60E9A227245}_is1" = Prawo Jazdy ABCDT - egzamin wewnętrzny
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALLPlayer_is1" = ALLPlayer V4.X
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bet-at-home.com Poker " = bet-at-home.com Poker
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"CZATeriaKam" = CZATeriaKam 2.6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FontCreator6_is1" = High-Logic FontCreator 6.5
"Football Manager 2013_is1" = Football Manager 2013
"Fraps" = Fraps
"Gadu-Gadu" = Gadu-Gadu 7.7
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HP Photo Creations" = HP Photo Creations
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}" = Double Vibration steering wheel
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camera
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"ipla" = ipla 2.3.5
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Knife_is1" = Mp3 Knife 3.2
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"PartyPoker" = PartyPoker
"PDF Editor 3" = PDF Editor 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.2.9
"TeamViewer 5" = TeamViewer 5
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2247349209-3091610151-10017335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Mateusz)
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"GG" = GG
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-12 05:55:13 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-13 04:46:40 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-13 04:46:40 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-13 05:29:21 | Computer Name = Dominator | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll".  Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-06-13 18:01:14 | Computer Name = Dominator | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 8.0.7600.16766,
sygnatura czasowa: 0x4d65d5c3  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x00480058
Identyfikator
procesu powodującego błąd: 0x12bc  Godzina uruchomienia aplikacji powodującej błąd:
0x01cc2a1566269464  Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Internet
Explorer\iexplore.exe  Ścieżka modułu powodującego błąd: unknown  Identyfikator raportu:
a7a8d65c-9608-11e0-9736-00241ddd900f

Error - 2011-06-14 06:17:21 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-14 06:17:21 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-14 07:49:20 | Computer Name = Dominator | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll".  Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-06-15 09:22:02 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

Error - 2011-06-15 09:22:02 | Computer Name = Dominator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.  .

[ Media Center Events ]
Error - 2011-05-10 07:41:03 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 13:41:03 - Błąd podczas nawiązywania połączenia z Internetem.  13:41:03
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 07:41:45 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 13:41:32 - Błąd podczas nawiązywania połączenia z Internetem.  13:41:32
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 08:42:16 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 14:42:16 - Błąd podczas nawiązywania połączenia z Internetem.  14:42:16
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 08:42:46 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 14:42:45 - Błąd podczas nawiązywania połączenia z Internetem.  14:42:45
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 09:43:19 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 15:43:19 - Błąd podczas nawiązywania połączenia z Internetem.  15:43:19
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 09:43:52 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 15:43:48 - Błąd podczas nawiązywania połączenia z Internetem.  15:43:48
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 10:44:23 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 16:44:23 - Błąd podczas nawiązywania połączenia z Internetem.  16:44:23
-     Nie można skontaktować się z serwerem.. 

Error - 2011-05-10 10:44:53 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 16:44:52 - Błąd podczas nawiązywania połączenia z Internetem.  16:44:52
-     Nie można skontaktować się z serwerem.. 

Error - 2011-06-21 07:23:03 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 13:23:03 - Błąd podczas nawiązywania połączenia z Internetem.  13:23:03
-     Nie można skontaktować się z serwerem.. 

Error - 2011-06-21 07:23:11 | Computer Name = Dominator | Source = MCUpdate | ID = 0
Description = 13:23:08 - Błąd podczas nawiązywania połączenia z Internetem.  13:23:08
-     Nie można skontaktować się z serwerem.. 

[ System Events ]
Error - 2012-11-26 16:02:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:02:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:02:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:02:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:02 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:10 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:10 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068

Error - 2012-11-26 16:04:10 | Computer Name = Dominator | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu:   %%1068


< End of report >
Attachments
Extras.Txt
(136.34 KiB) Downloaded 79 times
OTL.Txt
(130.13 KiB) Downloaded 92 times

Post by ordynat, 26 Nov 2012, 22:25

Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=4fb9c790-8bed-11e1-aa96-00241ddd900f&q={searchTerms}
IE - HKU\S-1-5-21-2247349209-3091610151-10017335-1000\..\SearchScopes\{B15F5A73-F27E-4343-9EF3-929C8E06F4F2}: "URL" = http://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms}
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

:Files
C:\ProgramData\lsass.exe
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\ProgramData\0tbpw.pad
C:\Users\Mateusz\AppData\Roaming\Uskaiq

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking Run Scan.
Post the new OTL.txt log and the report from the script-based removal.

Install a newer, safer version of Java:
http://java.com/pl/download/windows_xpi.jsp?locale=pl
During installation, uncheck "Install the AskToolbar ..."


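The first O4 line in the fix script above is a Startup-folder shortcut named ctfmon.lnk whose target is C:\ProgramData\lsass.exe, while the genuine lsass.exe runs from C:\Windows\System32. As an added example (not part of the original post, and not OTL's own logic), this Python check flags that pattern in OTL "O4 - Startup" lines; the binary list, the function names and the second sample line are assumptions made for the illustration.

```python
import ntpath
import re

# Assumption for this example: a short illustrative list of Windows system
# binary names, all of which normally run from System32 (or SysWOW64).
SYSTEM_BINARIES = {"lsass.exe", "ctfmon.exe", "svchost.exe", "csrss.exe",
                   "winlogon.exe", "services.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# OTL line format: O4 - Startup: <shortcut> = <target> (<company>)
O4_STARTUP = re.compile(
    r"^O4 - Startup: (?P<link>.+?) = (?P<target>.+?)"
    r"(?: \((?P<company>[^()]*)\))?$")


def parse_o4_startup(line):
    """Return link/target/company for an O4 Startup line, else None."""
    match = O4_STARTUP.match(line.strip())
    return match.groupdict() if match else None


def masquerade_reasons(entry):
    """List the reasons an autostart entry looks like a renamed impostor.

    The company string in parentheses is deliberately ignored: a name
    reported for a file is not proof of who built it.
    """
    reasons = []
    directory, name = ntpath.split(entry["target"])
    directory, name = directory.lower(), name.lower()
    if name in SYSTEM_BINARIES and directory not in TRUSTED_DIRS:
        reasons.append(f"{name} runs from {directory}, not System32")
    link_stem = ntpath.splitext(ntpath.basename(entry["link"]))[0].lower()
    if f"{link_stem}.exe" in SYSTEM_BINARIES and f"{link_stem}.exe" != name:
        reasons.append(f"shortcut named {link_stem} launches {name}")
    return reasons


def scan(lines):
    """Return every O4 Startup entry that has at least one reason attached."""
    findings = []
    for line in lines:
        entry = parse_o4_startup(line)
        if entry is None:
            continue  # not an O4 Startup line
        reasons = masquerade_reasons(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


SAMPLE_LINES = [
    # Taken from the fix script in the post above.
    r"O4 - Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe"
    r" (Microsoft Corporation)",
    # Constructed benign entry, for contrast.
    r"O4 - Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\Notes.lnk = C:\Program Files (x86)"
    r"\ExampleApp\notes.exe (Example Vendor)",
    # A different OTL line type from the same script; the parser skips it.
    "O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20)",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding["target"], "->", "; ".join(finding["reasons"]))
```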

Post by Buszinio, 26 Nov 2012, 22:53

New logs:
Attachments
Extras.Txt
(135.87 KiB) Downloaded 83 times
OTL.Txt
(94.31 KiB) Downloaded 85 times
raport.txt
(9.11 KiB) Downloaded 92 times

Post by ordynat, 26 Nov 2012, 23:02

Run OTL and paste the following into the Custom Scans/Fixes box:
:Files
C:\Users\Mateusz\AppData\Roaming\Zekiy


Click Run Fix. This time there will be no restart.
Then we finish up:
In OTL, click the CleanUp button; this will remove it together with its Quarantine.