Zaszyfrowany system

nefarius12 · 2 Czerwca 2014

Your files are locked and encrypted with a unique RSA-1024 key!
To regain access you have to obtain the private key (password).

++++++++++++++++++++

To receive your private key (password):

Go to http://u5ubeuzamg54x5f3.onion.to and follow the instructions.

You will receive your private key (password) within 24 hours.

Your ID# is 28403489

If you can't find the page, install the Tor browser (https://www.torproject.org/projects/torbrowser.html.en) and browse to

http://u5ubeuzamg54x5f3.onion

++++++++++++++++++++

BEWARE - this is NOT a virus.

The ONLY way to unlock your files/data is to obtain your private key (password) or you may consider all your data lost.

You have just 5 days before the private key (password) is deleted from our server, leaving your data irrevocably broken.

++++++++++++++++++++

LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL AND SUSPICION OF (CHILD)PORNO

Jak sami widzicie mam taki oto problem jesli ktos wie jak pomoc prosze o szybka odpowiedz

lolos11 · 3 Czerwca 2014

http://artykuly.softonic.pl/jak-pokonac-cryptolocker-wirus-przechwytujacy-twoje-dokumenty

Janusz. · 2 Czerwca 2014

Podstawa angielskiego. Przeczytaj to.

Wykonaj logi. :-)

http://www.mpcforum.pl/topic/679592-tut-logi-co-i-jak/

jackraymund · 3 Czerwca 2014

To jest wirus aka Policja zabezpieczyła twój komputer.

Klucze do odszyfrowania znajdują się po stronie serwera. Ni chuj nie odszyfrujesz.

Musisz im zapłacić, jeżeli chcesz odzyskać swoje dane, lub format dysku. Dodatkowo na torze siedzą, więc ich nie dopadniesz.

Misiekantos253 · 4 Czerwca 2014

Zdecyduj, czy miales tam pliki warte 300$ czy nie. Caly system jest opracowany bardzo dobrze wiec szans na ominiecie go nie ma. W tym temacie nic wiecej nie zrobisz.

lolos11 · 4 Czerwca 2014

Program: CryptoFinder odnajduje zainfekowane pliki i informuje, czy można je odzyskać czy nie

Można też zrobić to ręcznie otwierając edytor rejestru Windows (start>uruchom>regedit) i przejść do klucza HKEY_CURRENT_USER\Software. Pojawi się folder zawierający nazwy plików zainfekowanych Cryplockerem. Niektóre z nich mogą nie być jeszcze zaszyfrowane, więc będzie je można odzyskać. Inne mogą być tylko na naszych kopiach zapasowych.

Cryplocker atakuje tylko dokumenty znalezione na komputerze i dyskach sieciowych. Nie atakuje plików na odłączonych dyskach i serwerach, które są internecie. Nie atakuje też zarchiwizowanych dokumentów, celem jest atak na pliki w komputerach biznesowych, naruszenie naszych ważnych dokumentów.

Roższerzenia atakowane przez Cryptolocker:

.odt, .ods, .odp, .odm, .odc, .odb, .doc, .docx, .docm, .wps, .xls, .xlsx, .xlsm, .xlsb, .xlk, .ppt, .pptx, .pptm, .mdb, .accdb, .pst, .dwg, .dxf, .dxg, .wpd, .rtf, .wb2, .mdf, .dbf, .psd, .pdd, .pdf, .eps, .ai, .indd, .cdr, .jpg, .jpe, .jpg, .dng, .3fr, .arw, .srf, .sr2, .bay, .crw, .cr2, .dcr, .kdc, .erf, .mef, .mrw, .nef, .nrw, .orf, .raf, .raw, .rwl, .rw2, .r3d, .ptx, .pef, .srw, .x3f, .der, .cer, .crt, .pem, .pfx, .p12, .p7b, .p7c.

jackraymund · 4 Czerwca 2014

jackraymund bzlem na angielskim forum i to nie policja....

napisałem "aka" = coś na ten styl. Wiadome że policja nie propaguje wirusów i nie okrada ludzi Ale tego jest od zajebu

Tak czy inaczej, zgadując bajt po bajcie plik, w dodatku nie znając jego rzeczywistego rozmiaru....

Dodatkowo hasz jest dość długi, czyli pewnie pobiera sporo mocy obliczeniowej.

Może jest to realne, ale nie dla przeciętnego użytkownika. Musiałbyś zarządzać, mocą obliczeniową zbliżoną do mocy największych kopalń bitcoinów, to może jeden plik byś odzyskał w przeciągu kilku lat.

Ale tak przybliżając. Mamy plik tekstowy z 10 znakami, w zwykłym ascii(255 znaków, ale windows i tak zapisuje w swojej 1250, która ma od chuja znaków).

To aby udało nam się rozszyfrować te 10 znaków. Potrzebowalibyśmy 1.162.523.670.191.533.212.890.625 kombinacji. 11 znaków to już trzeba by było ten wynik przemnożyć przez następne 255.

Także nie chcę cię nie zniechęcać, ale to chyba niema sensu.

@up

na samej górze tematu jest podana metoda haszowania RSA-1024.

RaiZeN_PL · 3 Czerwca 2014

Spróbuj tego:

https://in.answers.yahoo.com/question/index?qid=20140125125532AADHhIE

nefarius12 · 3 Czerwca 2014

Infekcje juz sam usunolem Programem Norton power eser teraz tylko odblokowac pliki...

OTL logfile created on: 14-06-03 23:43:07 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Midas\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd

3,49 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 64,65% Memory free

6,97 Gb Paging File | 5,26 Gb Available in Paging File | 75,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 26,43 Gb Free Space | 26,43% Space Free | Partition Type: NTFS

Drive D: | 156,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 132,79 Gb Total Space | 124,57 Gb Free Space | 93,81% Space Free | Partition Type: NTFS

Drive F: | 100,00 Mb Total Space | 61,41 Mb Free Space | 61,41% Space Free | Partition Type: NTFS

Computer Name: MIDAS-PC | User Name: Midas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-06-03 18:52:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Midas\Downloads\OTL.exe

PRC - [2014-05-14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2014-05-13 22:17:13 | 000,084,328 | ---- | M] (SafeApp Software, LLC) -- C:\Program Files\Registry Helper\RegistryHelperService.exe

PRC - [2014-05-13 22:17:05 | 001,393,984 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2014-04-16 22:12:44 | 005,306,504 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2014-04-11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

PRC - [2014-04-11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

PRC - [2014-04-09 03:04:01 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2014-03-25 20:22:16 | 007,555,288 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe

PRC - [2014-03-25 20:22:16 | 001,864,408 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

PRC - [2014-03-25 20:22:16 | 001,225,944 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

PRC - [2013-11-15 14:17:42 | 000,525,480 | ---- | M] (AdTrustMedia) -- C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe

PRC - [2013-02-26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2013-01-18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2013-01-18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011-12-15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011-01-02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Program Files\ShadowExplorer\sesvc.exe

========== Modules (No Company Name) ==========

MOD - [2014-06-01 11:08:56 | 000,035,328 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2014-05-24 18:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\libstdc++-6.dll

MOD - [2014-05-24 18:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll

MOD - [2014-05-14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll

MOD - [2014-05-14 01:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

MOD - [2014-05-14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll

MOD - [2014-05-14 01:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

MOD - [2014-05-14 01:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll

MOD - [2014-05-14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

MOD - [2012-06-18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=898DEBAE-54F2-4102-AE1C-A02B2223833C -- (vxlsnyaiet32)

SRV - [2014-05-14 01:39:30 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014-05-13 22:17:13 | 000,084,328 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Program Files\Registry Helper\RegistryHelperService.exe -- (REGISTRY HELPER SERVICE)

SRV - [2014-04-24 00:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014-04-16 22:12:44 | 005,306,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)

SRV - [2014-04-11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)

SRV - [2014-04-11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)

SRV - [2014-04-06 15:50:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2014-03-25 20:22:16 | 001,663,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)

SRV - [2014-03-01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2013-11-20 19:36:55 | 005,132,656 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013-02-26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011-12-15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011-01-02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)

SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2014-06-03 19:22:53 | 000,098,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR410.SYS -- (SMR410)

DRV - [2014-04-16 22:12:56 | 000,607,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2014-04-16 22:12:54 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)

DRV - [2014-04-07 13:50:55 | 000,931,640 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\TesSafe.sys -- (TesSafe)

DRV - [2013-02-26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2013-02-20 22:13:14 | 000,368,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)

DRV - [2012-07-17 18:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)

DRV - [2011-12-15 05:24:00 | 004,336,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010-11-20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010-11-20 12:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)

DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009-07-14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0Azz0FzytB0EyB0A0BtC0EtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DtByD0B0C0E0AtG0E0C0F0AtG0A0D0D0EtGyB0DtCyBtGtC0FyB0AyDyCtDzzyDyEtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0F0AyCyBtB0FtG0DtAtAtDtG0FtCtD0EtGyDyE0D0EtGtD0EyE0BtCzzyB0DyCzztCtD2Q&cr=1729630687&ir=

IE - HKLM\..\URLSearchHook: - No CLSID value found

IE - HKLM\..\URLSearchHook: {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.yahoo.com?fr=fp-comodo

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.1\vuzeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {39EC7500-5C48-44D8-BD1B-63C2A9BB7DFE}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw_G-ZsY37h80yOElmCohpsl7dwOeNIyyPnZJgOmiJxgBhLEE_N8TnSIVg6xCz4vnUahh3oqcPjNOrPYanuYtuoJ_AYOh0wkaM353EqRIGSObsRaJC20ODeON1lxXoilDgwGSVlNQoYUoMtiD0YHG7bfLdLnwXy0euVZOwGA0k2eUp2f08vMWEvmI,&q={searchTerms}

IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0Azz0FzytB0EyB0A0BtC0EtN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDzytAtDyDyDyEtGyCzzzz0DtG0BtAyB0BtGyByCtAyCtGyEyEzzzzyEtD0DtByC0DyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0F0AyCyBtB0FtG0DtAtAtDtG0FtCtD0EtGyDyE0D0EtGtD0EyE0BtCzzyB0DyCzztCtD2Q&cr=1414043212&ir=

IE - HKCU\..\SearchScopes\{39EC7500-5C48-44D8-BD1B-63C2A9BB7DFE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

IE - HKCU\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0Azz0FzytB0EyB0A0BtC0EtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0D0Bzy0EtA0AzztG0EyCzyzztG0Bzz0DyDtGyBtCtC0CtGtC0ByCyDyE0B0EyC0ByC0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0F0AyCyBtB0FtG0DtAtAtDtG0FtCtD0EtGyDyE0D0EtGtD0EyE0BtCzzyB0DyCzztCtD2Q&cr=1991454643&ir=

IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

IE - HKCU\..\SearchScopes\{D0C6C17B-1DF7-4411-A7F2-2F3295E17CA9}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0Azz0FzytB0EyB0A0BtC0EtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DtByD0B0C0E0AtG0E0C0F0AtG0A0D0D0EtGyB0DtCyBtGtC0FyB0AyDyCtDzzyDyEtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0F0AyCyBtB0FtG0DtAtAtDtG0FtCtD0EtGyDyE0D0EtGtD0EyE0BtCzzyB0DyCzztCtD2Q&cr=1729630687&ir=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "

FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0

FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0

FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.2

FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:3.1

FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:8.19.3.1

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40iminent.com:1.6.0

FF - prefs.js..extensions.enabledAddons: sitematcher%40sitematcher.com:1.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1

FF - prefs.js..browser.startup.homepage: "http://pl.yahoo.com?fr=fp-comodo"

FF - prefs.js..browser.search.defaultenginename: "Yahoo!"

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"

FF - prefs.js..keyword.URL: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\extension@Free_FLV_Converter.com: C:\Program Files\Free FLV Converter\extension@Free_FLV_Converter.com [2014-06-03 00:44:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b8a7bc9b-a420-49ce-95a3-9ef54b2e84e3}: C:\Program Files\View-Password-soft\155.xpi [2014-05-13 22:17:09 | 000,011,743 | ---- | M] ()

[2013-06-28 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\Extensions

[2014-06-03 00:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profiles\bt363d24.default\extensions

[2014-06-03 00:40:30 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profiles\bt363d24.default\extensions\[email protected]

[2014-06-03 00:40:31 | 000,000,000 | ---D | M] ("Site Matcher") -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profiles\bt363d24.default\extensions\[email protected]

[2014-06-03 00:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profiles\bt363d24.default\extensions\staged

[2014-06-03 00:40:34 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profiles\bt363d24.default\extensions\TidyNetwork@TidyNetwork

[2014-05-15 17:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profilesbt363d24.default\extensions

[2014-05-15 17:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\Firefox\Profilesbt363d24.default\extensions\staged

[2014-06-02 21:02:35 | 000,537,103 | ---- | M] () (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\extensions\[email protected]

[2014-04-25 12:13:16 | 000,010,858 | ---- | M] () (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\extensions\[email protected]

[2014-04-11 14:49:35 | 000,010,082 | ---- | M] () (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi

[2014-05-05 01:56:44 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi

[2014-05-22 23:51:59 | 000,612,000 | ---- | M] () (No name found) -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\extensions\staged\[email protected]

[2014-04-15 22:58:31 | 000,001,030 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\conduit-search.xml

[2014-05-15 17:25:44 | 000,001,368 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\iminent.xml

[2014-05-05 01:35:08 | 000,002,787 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\Mysearchdial.xml

[2014-06-02 19:43:51 | 000,001,207 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\Speedial.xml

[2014-05-30 22:36:06 | 000,000,643 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\trovi-search.xml

[2014-05-13 22:17:07 | 000,000,798 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\mozilla\firefox\profiles\bt363d24.default\searchplugins\yahoo_ff.xml

[2014-06-03 00:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014-06-03 00:44:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

File not found (No name found) -- C:\USERS\MIDAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BT363D24.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://speedial.com/?f=1&a=spd_ir_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0Azz0FzytB0EyB0A0BtC0EtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0DtByD0B0C0E0AtG0E0C0F0AtG0A0D0D0EtGyB0DtCyBtGtC0FyB0AyDyCtDzzyDyEtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0F0AyCyBtB0FtG0DtAtAtDtG0FtCtD0EtGyDyE0D0EtGtD0EyE0BtCzzyB0DyCzztCtD2Q&cr=1729630687&ir=

CHR - plugin: Error reading preferences file

CHR - Extension: Dokumenty Google = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\

CHR - Extension: Dysk Google = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Speedial = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.25_0\

CHR - Extension: YouTube = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Szukaj w Google = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\

CHR - Extension: Domain Error Assistant = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\

CHR - Extension: Slick Savings = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\

CHR - Extension: Google Wallet = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

CHR - Extension: Gmail = C:\Users\Midas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.1\vuzeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.1\vuzeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {3004627E-F8E9-4E8B-909D-316753CBA923} - No CLSID value found.

O3 - HKLM\..\Toolbar: (SiteFinder) - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)

O4 - HKLM..\Run: [Fences] C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)

O4 - HKLM..\Run: [PrivDogService] C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe (AdTrustMedia)

O4 - HKLM..\Run: [Registry Helper] C:\Program Files\Registry Helper\RegistryHelper.Exe (SafeApp Software, LLC)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - Startup: C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0235F749-81A5-4817-9A23-EA0EC25616FE}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0235F749-81A5-4817-9A23-EA0EC25616FE}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0339DD8C-7DA2-4D76-BC2B-F4B92C29AEB1}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0520ED5E-9FBD-44F5-A784-4F401C6C22EA}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0520ED5E-9FBD-44F5-A784-4F401C6C22EA}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1375B85-82E3-4473-8BCD-1FF161B25A1F}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B370D376-97F3-46C4-A4BC-585F625CFE2A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBCE1580-B3AB-4340-BEA5-47C64521CE06}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4D65E0A-ACBB-42E6-8F7F-08034761E523}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)

O27 - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{a7444530-e021-11e2-a715-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a7444530-e021-11e2-a715-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe

O33 - MountPoints2\{a7444530-e021-11e2-a715-806e6f6e6963}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe

O33 - MountPoints2\{a7444530-e021-11e2-a715-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-06-03 19:38:11 | 000,000,000 | ---D | C] -- C:\Users\Midas\Desktop\Riot Games

[2014-06-03 19:33:02 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\www.shadowexplorer.com

[2014-06-03 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer

[2014-06-03 19:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer

[2014-06-03 19:22:53 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR410.SYS

[2014-06-03 19:13:56 | 000,000,000 | ---D | C] -- C:\NPE

[2014-06-03 19:12:46 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\NPE

[2014-06-03 19:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2014-06-03 18:51:51 | 000,000,000 | ---D | C] -- C:\FRST

[2014-06-02 21:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2014-06-02 21:03:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space

[2014-06-02 20:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia

[2014-06-02 20:55:49 | 004,176,736 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Midas\Desktop\TDSSKiller.exe

[2014-06-02 20:01:43 | 000,000,000 | ---D | C] -- C:\Users\Midas\Documents\Stardock

[2014-06-02 19:54:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0

[2014-06-02 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\PackageAware

[2014-06-02 19:26:14 | 000,000,000 | ---D | C] -- C:\Themes

[2014-06-01 03:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2014-05-30 23:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Counter Strike 1.6 BF Edition

[2014-05-30 22:54:53 | 000,245,208 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2014-05-30 22:54:50 | 000,174,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2014-05-30 22:54:50 | 000,174,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2014-05-30 22:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\003

[2014-05-30 17:19:11 | 000,000,000 | ---D | C] -- C:\Users\Midas\Desktop\Kerunis.pl

[2014-05-29 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\ESN

[2014-05-29 21:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2014-05-29 21:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2014-05-29 21:04:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller

[2014-05-29 17:18:38 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Origin

[2014-05-29 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2014-05-26 11:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2014-05-22 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Speedial

[2014-05-22 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Speedial

[2014-05-20 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA

[2014-05-20 14:30:10 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria

[2014-05-20 14:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Terraria

[2014-05-19 17:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2014-05-19 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\Ubisoft

[2014-05-19 17:07:13 | 000,000,000 | -HSD | C] -- C:\Users\Midas\AppData\Roaming\wyUpdate AU

[2014-05-19 17:07:13 | 000,000,000 | -HSD | C] -- C:\Users\Midas\wc

[2014-05-19 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher

[2014-05-19 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Ubisoft

[2014-05-17 13:37:19 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\.zyczujdk7

[2014-05-17 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\.minecraftzyczu

[2014-05-15 17:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\SiteLookup

[2014-05-15 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\SiteFinder

[2014-05-15 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\SimilarSites

[2014-05-15 17:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\IminentToolbar

[2014-05-15 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\IminentToolbar

[2014-05-15 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\auto-clicker

[2014-05-15 03:01:22 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014-05-14 17:27:28 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014-05-14 17:27:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014-05-14 17:27:25 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2014-05-14 17:27:25 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2014-05-14 17:27:24 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll

[2014-05-14 17:27:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll

[2014-05-14 17:27:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll

[2014-05-14 17:27:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll

[2014-05-14 17:27:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll

[2014-05-14 17:27:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll

[2014-05-14 17:27:24 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll

[2014-05-14 17:27:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2014-05-13 22:22:27 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\dclogs

[2014-05-13 22:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\View-Password-soft

[2014-05-13 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\Slick Savings

[2014-05-13 22:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper

[2014-05-13 22:17:07 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\SaveSenseLive

[2014-05-13 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard

[2014-05-13 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\TidyNetwork

[2014-05-13 22:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveSenseLive

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze Remote Toolbar

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\SaveSenseLive

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\SaveSense

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\SaveSense

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\LPT

[2014-05-13 22:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\LPT

[2014-05-13 22:17:04 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Local\Smartbar

[2014-05-13 22:17:04 | 000,000,000 | ---D | C] -- C:\Users\Midas\AppData\Roaming\Slick Savings

[2014-05-13 22:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Registry Helper

[2014-05-13 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Midas\.thumbnails

[2014-05-07 03:00:30 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel

========== Files - Modified Within 30 Days ==========

[2014-06-03 23:44:04 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Speedial.job

[2014-06-03 23:44:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\SaveSense.job

[2014-06-03 23:42:08 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2014-06-03 23:38:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014-06-03 23:35:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job

[2014-06-03 23:32:26 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014-06-03 19:32:57 | 000,001,847 | ---- | M] () -- C:\Users\Midas\Desktop\ShadowExplorer.lnk

[2014-06-03 19:27:22 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014-06-03 19:27:22 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014-06-03 19:22:55 | 000,000,020 | ---- | M] () -- C:\Windows\System32\drivers\SMR410.dat

[2014-06-03 19:22:53 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR410.SYS

[2014-06-03 19:22:25 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014-06-03 19:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014-06-03 19:22:09 | 2807,922,688 | -HS- | M] () -- C:\hiberfil.sys

[2014-06-03 02:08:58 | 000,132,436 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat

[2014-06-02 21:03:59 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk

[2014-06-02 20:35:43 | 000,269,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2014-06-02 20:01:43 | 000,002,018 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

[2014-06-02 19:25:31 | 000,739,694 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2014-06-02 19:25:31 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014-06-02 19:25:31 | 000,155,268 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2014-06-02 19:25:31 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014-05-30 13:13:56 | 004,176,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Midas\Desktop\TDSSKiller.exe

[2014-05-29 21:43:55 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2014-05-29 21:38:49 | 000,139,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2014-05-29 21:38:41 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0

[2014-05-29 21:03:44 | 000,138,056 | ---- | M] () -- C:\Users\Midas\AppData\Roaming\PnkBstrK.sys

[2014-05-23 02:02:42 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014-05-22 18:03:03 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2014-05-20 14:30:10 | 000,001,863 | ---- | M] () -- C:\Users\Midas\Desktop\Terraria.lnk

[2014-05-17 13:37:22 | 000,002,154 | ---- | M] () -- C:\Users\Midas\Desktop\Minecraft by Zyczu.lnk

[2014-05-14 01:39:29 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2014-05-14 01:39:29 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2014-05-13 21:49:54 | 000,000,871 | ---- | M] () -- C:\Users\Midas\AppData\Local\recently-used.xbel

[2014-05-09 09:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014-05-09 09:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014-05-08 07:27:05 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2014-06-03 19:32:57 | 000,001,847 | ---- | C] () -- C:\Users\Midas\Desktop\ShadowExplorer.lnk

[2014-06-03 19:22:54 | 000,000,020 | ---- | C] () -- C:\Windows\System32\drivers\SMR410.dat

[2014-06-02 21:03:59 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk

[2014-06-02 20:01:43 | 000,002,018 | ---- | C] () -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

[2014-05-22 15:27:50 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Speedial.job

[2014-05-20 14:30:10 | 000,001,863 | ---- | C] () -- C:\Users\Midas\Desktop\Terraria.lnk

[2014-05-17 13:37:22 | 000,002,154 | ---- | C] () -- C:\Users\Midas\Desktop\Minecraft by Zyczu.lnk

[2014-05-17 10:07:50 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014-05-13 21:49:54 | 000,000,871 | ---- | C] () -- C:\Users\Midas\AppData\Local\recently-used.xbel

[2014-04-07 10:01:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2014-04-07 10:01:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2013-08-05 17:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Midas\SDActivate.lng

[2013-07-27 22:58:05 | 000,139,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2013-07-27 22:57:50 | 000,138,056 | ---- | C] () -- C:\Users\Midas\AppData\Roaming\PnkBstrK.sys

[2013-07-27 22:57:19 | 000,290,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2013-07-27 22:57:18 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe

[2013-07-27 22:57:18 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2013-06-29 22:48:43 | 000,000,063 | ---- | C] () -- C:\Windows\JQHApp.dat

[2013-06-29 03:16:06 | 000,000,040 | ---- | C] () -- C:\ProgramData\DT0001.dat

[2013-06-28 20:00:22 | 000,132,436 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat

[2013-06-28 19:59:48 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2013-06-28 19:58:33 | 000,000,079 | ---- | C] () -- C:\Users\Midas\AppData\Roaming\WB.CFG

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Files - Unicode (All) ==========

(C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Midas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\枆捅蚔牁

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:05EE1EEF

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

OTL Extras logfile created on: 14-06-03 23:43:07 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Midas\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd

3,49 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 64,65% Memory free

6,97 Gb Paging File | 5,26 Gb Available in Paging File | 75,50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 26,43 Gb Free Space | 26,43% Space Free | Partition Type: NTFS

Drive D: | 156,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 132,79 Gb Total Space | 124,57 Gb Free Space | 93,81% Space Free | Partition Type: NTFS

Drive F: | 100,00 Mb Total Space | 61,41 Mb Free Space | 61,41% Space Free | Partition Type: NTFS

Computer Name: MIDAS-PC | User Name: Midas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{047B7849-E0CE-49C2-97EC-CB183C9AE5DC}" = rport=445 | protocol=6 | dir=out | app=system |

"{106137DB-426C-428D-9067-A0CCA8614B24}" = rport=2869 | protocol=6 | dir=out | app=system |

"{183BFC66-6EFD-4597-9EE2-2AB8A8F5E478}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1850EF80-20CE-403C-80FE-7B137E6D7B4B}" = rport=138 | protocol=17 | dir=out | app=system |

"{1C47EB5A-A996-4EEF-A71E-4B1006F37883}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{260CBEA3-392B-4449-A14A-65EBA6A39275}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3071A7FE-3D39-42D5-BF70-22A20D772864}" = rport=137 | protocol=17 | dir=out | app=system |

"{42D1B1AD-BCC5-4DEA-8C00-7D0622899B64}" = rport=10243 | protocol=6 | dir=out | app=system |

"{4308ACA9-706D-4C66-A3AA-DB56B04C6224}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{45741C42-02C1-4F48-AD20-A1F0D9FAA81C}" = lport=137 | protocol=17 | dir=in | app=system |

"{4826C11C-8C6B-4ECC-BEFC-12FDCE64E035}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{48D1239A-DC91-4FDC-9F4A-75CE3622D346}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{55AB76B7-BFA9-43C3-976D-4628C9FFBDF2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5AAE941A-C0C7-4DAC-96B9-41587E17F1D3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{61DEA033-3A36-4FAB-AA52-66317BC916E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{62FBA2B7-B542-44AD-9F7F-647227578729}" = lport=139 | protocol=6 | dir=in | app=system |

"{6D242E3C-E388-4BFF-BA85-A49E2F0A5504}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{752D904D-C0EF-46FA-B746-5A5BFE9C8086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{888F3F54-6122-460E-81B4-C23858920B57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9057F5C7-FE2D-48BC-A4E0-2D95A42C39B0}" = rport=139 | protocol=6 | dir=out | app=system |

"{A9172BD1-4955-4C12-8BB6-F7D2F4648893}" = lport=138 | protocol=17 | dir=in | app=system |

"{B148F3A2-520B-4F7E-A1A4-4ADF8B56F643}" = lport=445 | protocol=6 | dir=in | app=system |

"{C3973D24-7F55-4430-B131-1D77BB36ECEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CE0D7596-0A13-446C-B7D5-73F7CA2EA846}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{D6C903C7-0B78-440A-B829-ECF4588DBF0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E2C4398E-90FB-4C36-9C25-933184E94326}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E335F4BD-EDBA-4920-8FC5-0A6E1169A1B4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{E36594BC-2BDC-4D8B-9FDD-83B0B2B06A6D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{E4202B46-93D4-48DC-BA30-6C0CAAA5F629}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E7348DE2-CB9A-4FB4-A35C-A0265FFE1F74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EE3B3F4F-B76B-4FEB-89C2-70D5A4907BF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0361AD18-1955-4812-BA29-BB7345D7EA91}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe |

"{046F3F5A-248B-4246-9A0B-F5D0A6CC33AD}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{0482B39B-106C-49FA-A19C-909B4EA31797}" = protocol=6 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\miniqqdl.exe |

"{05B0A94B-854C-4F53-9804-7EE2A5166DC6}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |

"{06DD1F18-DB69-4023-B3CB-A31CAACBB1BB}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{075791F4-3729-4198-AC0D-00BAF7AB0380}" = protocol=6 | dir=in | app=c:\users\midas\appdata\roaming\tencent\剑灵\6314c6e18214ceac40bb9fb1f7f449f0\teniodl\teniodl.exe |

"{08444C70-8F07-4659-B080-3D38DE2618E7}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{088C5BDF-99F7-4F62-B29E-50DD6C0CCBFF}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{09C4CFED-2F4A-4BD7-B11A-445463CAC765}" = protocol=17 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\miniqqdl.exe |

"{0A5E7E47-9389-4EB9-85C8-EFCA9BAB149A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{0A793CD7-B73A-4A43-B72D-AF4AE58F07E5}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{0D94DE7C-21AF-48DA-A7EB-82342865B9F4}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{10735616-F6B4-4610-BDB4-F124DCF4CB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{12D8AD2A-B80C-420E-8ABB-03B843A5A7B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{137658EF-5130-4827-A04F-B78B81F921D6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{13E1672E-A848-4101-BA1B-2D061E2FA7C3}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{142D30A3-3837-44A9-911D-36A8251703C3}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{144C9BB4-8899-4BA7-A0EE-6F1644321D4A}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{14567597-D5CB-4877-A697-D828C8489254}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{15A5E2D9-2F45-4C46-96F7-B7AA3E5EEE67}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{18E14FBA-77FF-4266-8713-35A767BAF3F9}" = protocol=1 | dir=in | [email protected],-28543 |

"{19DFE3E5-99E3-4D1A-B9F2-CAC61702069C}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{1CC4CB40-3151-4C08-ADA1-799BFE62E4DD}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{1CEE87E6-DBED-4DEE-8833-DA211AA02E54}" = protocol=6 | dir=in | app=c:\users\midas\appdata\roaming\tencent\剑灵\ca8db4aec907f2ef5d70500d1d68aed8\teniodl\teniodl.exe |

"{1D4C6CA2-C333-4EBA-BBA2-F84217A7A536}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{1EEC20F3-90FA-4147-B8CE-CFC0A158A60C}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{236A8FAD-4D2E-4FCD-9512-21E2ADD9A513}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{280B80A0-7A4A-478C-9AF0-55BFA1FB1F86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{28F55CFE-57F7-4E13-BFAD-F2D59A238443}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{29A5CE3E-386A-42A9-9004-9F56126369AE}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{2B3283E8-DC28-4488-8FD8-19F149AC1AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{2B99E06F-1C20-40A8-B12B-E584E591DA42}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{2C897171-DDAF-470A-B1B6-F8D98C8FD327}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{2CB860A4-14EA-48A9-8AC0-1B914E4EC7C2}" = protocol=6 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\miniqqdl.exe |

"{2F18A48A-D719-438F-864B-B55D83497B47}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{30B78CC4-7AD0-4801-9173-D54648F1B49F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3212B1D7-2223-435B-9852-636E7CDEFA70}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{321CE877-76D9-4B5B-9B03-A24BA49CBB14}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{3322F2A0-7D65-4A0A-9B67-876CC57B7B48}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{34518C75-A413-4B84-8D33-161B85E3B0D8}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{37F7DDCF-6BD9-46C5-8C21-2BFCC86CB975}" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\java.exe |

"{38112C5C-2542-4324-9934-3A7348212E54}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{3B6C44D4-14B8-4048-A1CA-A0D7A47CFBC0}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{3CE778AE-D814-4357-8648-3D28EDEAB8DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3E144AC0-5FAC-422F-A871-A9769F1FBB62}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{3E6C63BA-4A61-4F9D-934C-E71942DF6851}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{3F402E1B-6907-4042-BCD3-020DDF964253}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{411AC5F1-DECA-4AE0-A227-EEB8C43C5CF5}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{41E0F206-4E97-434E-9C13-945520F26A03}" = protocol=6 | dir=out | app=system |

"{43B67084-5D31-4AEC-9886-8C5D518E3E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{486F315A-3E11-4398-91CE-128EDA0BBF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{4933003F-B751-4784-9364-3E79D7D9EE1A}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{4A59EE8B-EAE3-4905-8014-80156DE4F2F9}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{4AA7E9BE-4E43-4E4F-89AC-F69D4F4F4D03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4ADE4EDC-0981-4EAB-B5E8-925BE181F38E}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{4AE34C93-18EE-488B-A6F9-D625173F9597}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\bin\cross\crossproxy.exe |

"{4B545EC6-6712-4C16-AB5E-86F6BC906E00}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{4CC9DEE2-68B8-45C1-B0FA-A96C456F01BB}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{4FD6B98F-EB1D-4BA8-B74F-2E2DF0DA7E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\bin\cross\crossproxy.exe |

"{53C41C1E-FE11-46C3-9151-2E0126E0E14E}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{577404A9-E387-46D0-AAC6-2355E239249B}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{59160DDC-961C-49C8-8C0C-226F26B08C30}" = protocol=17 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\miniqqdl.exe |

"{5916D5E8-62D0-4013-8C3E-699B3767650A}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{5B2D9863-088A-4C95-8A4D-0B304EF6603F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5D9980F9-1217-4A2C-AF62-A9950931A5DE}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{5F984D06-E424-47AA-B561-5F70CEEF5525}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{67BE7993-4C45-4BA1-A4AB-76C0C35F7811}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{69FEB4DF-E246-4B02-ADD9-4291022404EA}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{6B958FC8-5795-4926-84FC-210AA2C1E9D3}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{6ECD2286-EEDB-45BA-B7E6-36C62617A8FB}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{75886A42-28EB-4557-8762-953EFEF0EAA6}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{76F79B08-7DD5-4860-9103-0D374B2CE56F}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{7761C7A2-6E95-45E1-A2EA-52099955DDA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{77829D0A-1F7F-4C82-AEAF-19B2B480D1A9}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{79781F46-B032-4B15-BD44-BD6E61AA653E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{7A816DA9-500F-4A57-B587-5457691E675B}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{7C951D15-4795-4F32-9484-DD3BFC164419}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{7D0E4BF0-B7F8-4128-9CDC-2A965920C54E}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{7E3073B3-99C7-48B6-97A6-9337D03107F9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{7E6928AA-82DD-408A-A065-5364306300AD}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{7ED6FA96-EE10-4798-BA10-E9482D27DADD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{7F735583-9B20-487D-983B-CB12C046C503}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{826D96D7-9678-4A11-B260-61007FDE0CC7}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{848886A3-6D29-47E3-8849-445087C82A87}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{84BDE03F-AB0E-428D-B0AF-DB520E007B88}" = protocol=1 | dir=out | [email protected],-28544 |

"{8749AC3A-EDF3-43B7-9C0C-724EBA93157E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{8781A914-8271-480E-A9D8-D96E85D4DE80}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{8A04B148-83C7-4102-AC30-BB728969C441}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8B79074E-1D4F-426F-82B2-507E269B148B}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{8BD8BBA8-E811-4C1E-BEF8-DCF25DF811C9}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{8C74FCF3-97AE-4E28-AD5B-D307B60117E8}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{8CF9DA2F-1470-4386-A449-5B7354A19A4B}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{8D38A8F6-F2F7-4329-882C-1111CA243849}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{8E964EBF-93B6-4B23-98DF-804D87C36F11}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{9087AF3F-C48C-445B-A4B3-8B7BB65AE0EA}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{90CEBA02-DE55-4721-B1DF-4057253635B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{912EACE3-84DF-4D4B-A344-277ED9463082}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{927A3FEE-F338-4C43-8630-4E548FEF08A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{95D96925-E2EF-47EA-853C-F6C5DB5500EA}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{9A1A19B2-1C04-4B86-B21F-B67AB4613FA4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{9E55F72E-2EB3-4F65-8DD3-2287B487AF83}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{9E71D148-79F6-406F-8F80-8FB9028C8E3D}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{9FA47F37-5DAF-4067-9D62-E11804807ED0}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{A00A4586-AC07-43C4-98AA-A9A5AADEE947}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{A0FA37EC-758E-4067-AD35-26ED2B86B4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{A18E0D23-2535-454C-BF32-62E0F2D88B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{A3558CC6-3748-47FB-8843-65FADB69520C}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{A5EC578D-7853-4409-BD97-0D0F8A42E794}" = protocol=58 | dir=in | [email protected],-148 |

"{AFC95AA9-B443-4451-967E-0695697B212E}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\bin\cross\crossproxy.exe |

"{B037A8F6-6B6E-4FD1-97CD-9956B2CFFB20}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{B3C5CC26-3F4D-4D2B-8967-23DAAB07E20A}" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\java.exe |

"{B3FC4F8A-15CC-4E21-A494-D69C4A39776E}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{B7E1E9EA-0703-456E-9FF4-9A33A03D250C}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{B85D33D6-2500-4F1E-85B4-81377686C42D}" = protocol=6 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\teniodl.exe |

"{BB2E1EC4-C0BC-422B-972E-A30764BA6B51}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{BB76C1D2-D876-4A8D-B2C7-89C42F7082A9}" = protocol=17 | dir=in | app=c:\users\midas\appdata\local\temp\qqgamedownloader\bns_1392862941\teniodl.exe |

"{BBFE6839-1523-4C57-ACFD-7E28E6DD2170}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{C015E340-305B-4E65-883F-BC29BE2B1610}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{C0D63067-C799-4C61-B879-BFE7A4032163}" = protocol=58 | dir=in | [email protected],-28545 |

"{C54C4B03-9B6F-4B39-A32C-6D323D062EBD}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\bin\cross\crossproxy.exe |

"{C567EE34-7FAE-4BD7-AB93-A37A4675EDAB}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{C9DFCE9A-8D4F-43E5-ADE2-8E5A43209FD4}" = protocol=17 | dir=in | app=c:\users\midas\appdata\roaming\tencent\剑灵\6314c6e18214ceac40bb9fb1f7f449f0\teniodl\teniodl.exe |

"{C9F281AA-FB1E-4E10-B739-208D6A141F85}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{CA9D41AD-757E-4CFF-AE6A-EA5433F0AAE3}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{CAF2AC7C-4320-404B-9B70-3D1CDDD4D707}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{CC70CD09-D81D-4A73-B070-FDC8BD7F488E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{CF2EA37B-CCBD-4634-A111-3519F16CCD93}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{D0B2B724-16BD-4B7D-92DF-D810D93089A3}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{D1E7D34F-DD9C-4BFF-A9AE-7EBC441F286D}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{D26F1132-F664-4D2B-AD3C-586907C63BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{D3AA8C7A-6E8E-4F8F-893F-7DF95BAF73B5}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe |

"{D3F878ED-B42E-4244-91EF-6CC817545913}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{D4314A08-40A6-4309-90D2-B7CBF431A73A}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{D4975DF4-7503-4ADE-BB06-F219BC1D9186}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{D55E67EE-9619-4235-ADD6-131BFA472866}" = protocol=17 | dir=in | app=c:\users\midas\appdata\roaming\tencent\剑灵\ca8db4aec907f2ef5d70500d1d68aed8\teniodl\teniodl.exe |

"{DA210A87-FD38-4DC1-A9C3-559308DE1AF8}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{DA54E4D8-5C8C-4C0D-8CCB-4227EAB9CDE5}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{DD0E6BC7-0ED1-490C-BBDB-6151098CB30D}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{DDDD5B09-CB83-4D58-B345-92A521C545AE}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{DEAD4642-B689-463A-9B65-1CFBC13DCB3C}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |

"{DF169963-1188-498F-9578-11DA2E35B0AE}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{DF4DF256-BAA0-4A34-99F3-1FD2C1B86A4F}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{DF7B22A2-32B2-4836-A8B7-3CC40B96DD9D}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{E077BE2E-50EB-4A32-8081-765CA1E39E4E}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{E0984BDF-3EE4-4AD1-AAF1-E3615171809B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{E11DA5DC-BE72-4E87-9FAD-5FF1833269F7}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe |

"{E1CA462E-E368-4C56-94CC-AC3E2100943E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E218C578-F417-4157-85B5-F8D231CC9379}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{EFA04EE9-82CC-44A0-8D98-5A765FD4A3DF}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{F0775ECE-3C88-4748-8DA8-FB0B1A72A008}" = protocol=6 | dir=in | app=c:\˝łáé_ěúń¶\tcls\launcher.exe |

"{F5623BB6-0869-464E-852C-2B6A4FDB5897}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{F5F1C104-C140-4EB6-B3CA-FEB3AE8FF77F}" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{F671BDF9-A316-47A5-88B5-55CABC951DDB}" = protocol=17 | dir=in | app=c:\˝łáé_ěúń¶\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe |

"{FAD8002E-D792-4FCE-A0C8-F795E3D6AB84}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{FE46732E-CE03-4380-AEEB-EC6667F86CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\launcher.exe |

"{FFE5E8A5-A450-4D36-A226-64DEA0A63AC4}" = protocol=58 | dir=out | [email protected],-28546 |

"TCP Query User{1514A5D3-3C3B-4EA3-B909-6DC983E9CF65}C:\program files (x86)\cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cs 1.6\hl.exe |

"TCP Query User{1CAA89B7-B70A-4360-A25D-8A2B795ACE09}C:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\counter-strike 1.6\hl.exe |

"TCP Query User{1F1D5869-03C7-41B0-A54C-4D4BA29E454D}C:\users\midas\desktop\kamer mod\metin2mod_2012sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2012sf.exe |

"TCP Query User{216966CC-192D-47E9-A926-E6A33B0B9F58}C:\program files\metin2 ravia.eu\game" = protocol=6 | dir=in | app=c:\program files\metin2 ravia.eu\game |

"TCP Query User{2206393D-216F-457F-BDB4-8BCE554EADA9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |

"TCP Query User{26DFC5AF-C038-4041-85C4-CC382A3435F1}C:\program files\metin2 ravia.eu\game" = protocol=6 | dir=in | app=c:\program files\metin2 ravia.eu\game |

"TCP Query User{33F7DCAB-C3AF-4893-BB2F-88B7E57D63B0}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{351C90B5-0B60-404F-8CFC-A24F608AB7F3}C:\program files\java\jre8\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |

"TCP Query User{3BC557E6-0366-4DE6-ACD5-4855E59AFEC7}C:\users\midas\desktop\pandoramt2\pandoramt2(bez_patchera).exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\pandoramt2\pandoramt2(bez_patchera).exe |

"TCP Query User{3F9BB74B-7C99-4D00-BA8F-63DAABFA3F9A}C:\program files\counter strike 1.6 bf edition\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter strike 1.6 bf edition\hl.exe |

"TCP Query User{5082583E-22FB-4D7F-AF3D-39CC865A191D}C:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe |

"TCP Query User{5236E8F1-FAD1-4CBA-B454-9A853C0ACF1D}C:\users\midas\desktop\kerunis.pl\kerunis.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\kerunis.pl\kerunis.exe |

"TCP Query User{54390634-9D5A-4C0A-B210-7B3F3BEDC365}C:\users\midas\desktop\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe |

"TCP Query User{613E1376-4CD1-48A1-8EE5-2BEBEFC7396F}C:\users\midas\desktop\patcher - kopia\metin2mod_2011sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\patcher - kopia\metin2mod_2011sf.exe |

"TCP Query User{63817D1C-6E83-4542-8A00-8139F6F6526E}C:\program files (x86)\膛鍾_枆捅\tcls\tenprotect\tensafe_1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\tenprotect\tensafe_1.exe |

"TCP Query User{65038CC0-B863-4181-A61D-8BA2AC109420}C:\program files\java\jre8\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |

"TCP Query User{65D0CADB-6A9B-46C4-96E1-6A1B0B26BD1F}C:\users\midas\desktop\dragon - kopia\metin2mod_2012sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\dragon - kopia\metin2mod_2012sf.exe |

"TCP Query User{800DB9CC-DC78-4E0B-B355-A11598D80BFA}C:\users\midas\desktop\pandoramt2\metin2mod_2012sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\pandoramt2\metin2mod_2012sf.exe |

"TCP Query User{8ECB506F-E3C4-4378-8DE2-E85674F46ED5}C:\users\midas\desktop\dragon\metin2.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\dragon\metin2.exe |

"TCP Query User{8F516F51-F448-4525-A13A-2A6F77B95C52}C:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe |

"TCP Query User{D234D036-9DF1-4888-ADFE-FE6F9A768C8A}C:\users\midas\desktop\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=6 | dir=in | app=c:\users\midas\desktop\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe |

"TCP Query User{E1AE31A6-8F1C-4D49-9E4C-20ABF33A48F6}C:\users\midas\desktop\patcher\metin2.bin" = protocol=6 | dir=in | app=c:\users\midas\desktop\patcher\metin2.bin |

"UDP Query User{0D204884-2E3D-432C-A584-7E8127E6E1E1}C:\users\midas\desktop\kerunis.pl\kerunis.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\kerunis.pl\kerunis.exe |

"UDP Query User{0F003847-C5FB-4B01-A12E-0606B437C74D}C:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\counter-strike 1.6\hl.exe |

"UDP Query User{129779F6-3037-48AA-9480-D0281ABF251C}C:\program files\java\jre8\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |

"UDP Query User{221A740C-6098-4132-A18D-BAB3004C0ACD}C:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe |

"UDP Query User{2B992A77-6FA5-4933-9F84-0543EEA8FEC2}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{33DAD777-6641-4F6A-9832-72066303A92F}C:\users\midas\desktop\kamer mod\metin2mod_2012sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2012sf.exe |

"UDP Query User{358B6163-CEE8-4485-8FDF-D66C0D3DA6D8}C:\users\midas\desktop\dragon - kopia\metin2mod_2012sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\dragon - kopia\metin2mod_2012sf.exe |

"UDP Query User{3947BEE8-AAEB-4790-B221-6A137711E75E}C:\program files\metin2 ravia.eu\game" = protocol=17 | dir=in | app=c:\program files\metin2 ravia.eu\game |

"UDP Query User{4199A0D2-2592-4A25-A510-A19D1A18BEEE}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |

"UDP Query User{47E57576-C250-488B-9E5B-A406B35E53D7}C:\users\midas\desktop\pandoramt2\pandoramt2(bez_patchera).exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\pandoramt2\pandoramt2(bez_patchera).exe |

"UDP Query User{52895087-87B3-407B-A709-19292EF0DC15}C:\program files (x86)\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cs 1.6\hl.exe |

"UDP Query User{54116F78-D080-4D92-99DF-14CB12E243B0}C:\program files\java\jre8\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |

"UDP Query User{57754F2B-8962-41B7-94C4-1D413DF8DFED}C:\users\midas\desktop\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe |

"UDP Query User{93B050D8-40BD-4C99-B4B6-66F5ED079663}C:\program files (x86)\膛鍾_枆捅\tcls\tenprotect\tensafe_1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\膛鍾_枆捅\tcls\tenprotect\tensafe_1.exe |

"UDP Query User{B0AD2EFE-0063-43C5-B545-0A72B923AE67}C:\program files\metin2 ravia.eu\game" = protocol=17 | dir=in | app=c:\program files\metin2 ravia.eu\game |

"UDP Query User{B2E8441E-18FD-41A7-9F09-461AC6F0687F}C:\users\midas\desktop\patcher\metin2.bin" = protocol=17 | dir=in | app=c:\users\midas\desktop\patcher\metin2.bin |

"UDP Query User{EB4FA3D6-374E-4385-A613-2E6F1962C60C}C:\program files\counter strike 1.6 bf edition\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter strike 1.6 bf edition\hl.exe |

"UDP Query User{EF0ED44A-B4F2-4AD0-AAE8-6C21BCF8D6F0}C:\users\midas\desktop\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe |

"UDP Query User{F511FA54-F60C-44BB-A760-4E2897392321}C:\users\midas\desktop\pandoramt2\metin2mod_2012sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\pandoramt2\metin2mod_2012sf.exe |

"UDP Query User{F5C48C46-E90C-4E12-9B64-C9B3B6C475F7}C:\users\midas\desktop\patcher - kopia\metin2mod_2011sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\patcher - kopia\metin2mod_2011sf.exe |

"UDP Query User{F7EE3A63-0EEB-4283-B4CA-21FBE4DBDA74}C:\users\midas\desktop\dragon\metin2.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\dragon\metin2.exe |

"UDP Query User{FFE99DA5-4BBD-424D-8A88-CEB51DC1E76D}C:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe" = protocol=17 | dir=in | app=c:\users\midas\desktop\kamer mod\metin2mod_2011sf.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform

"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery

"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common

"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 60

"{26A24AE4-039D-4CA4-87B4-2F83218000FF}" = Java 8

"{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}" = COMODO Antivirus

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker

"{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

"{3EEF6B1E-38AA-4F22-BA70-30A73BB06AAE}" = Photo Common

"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Obsługa programów Apple

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends

"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack

"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer

"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74451556-4E0B-4082-B74C-583B7EDC3679}" = Yahoo Community Smartbar

"{77655DF6-A143-4A25-A5F8-127C8CE63EDA}" = Galeria fotografii

"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16

"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8FFD72FC-4FFA-472D-9F76-AEC85F602F9D}" = Podstawowe programy Windows Live

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC57543E-EC54-4AB7-A18C-4B04BB1CF09A}" = Windows Live UX Platform Language Pack

"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030

"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists

"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call

"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service

"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery

"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common

"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE

"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions

"{DAE8CC57-EBF5-4D46-8572-9A0C769D6F16}" = Movie Maker

"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"4330202e-c3a7-4af1-89b7-afbb764ac9db" = View Password

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin

"FileZilla Client" = FileZilla Client 3.8.1

"Fraps" = Fraps (remove only)

"Google Chrome" = Google Chrome

"League of Legends 3.0.1" = League of Legends

"Level Quality Watcher" = Savings Bull

"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PrivDog" = PrivDog

"PROSet" = Intel® Network Connections Drivers

"PunkBusterSvc" = PunkBuster Services

"ShadowExplorer_is1" = ShadowExplorer 0.8

"SiteFinder" = SiteFinder

"Speedial" = Speedial

"Steam" = Steam

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = Archiwizator WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{af2eee57-1be0-4b11-bf1d-41ec6940035a}" = Yahoo Community Smartbar Engine

"MKLOL" = MKLOL

"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 14-06-02 19:32:23 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 07:13:56 | Computer Name = Midas-Pc | Source = Registry Helper Service | ID = 109

Description = Error: Service started

Error - 14-06-03 12:21:15 | Computer Name = Midas-Pc | Source = Registry Helper Service | ID = 109

Description = Error: Service started

Error - 14-06-03 12:32:01 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 13:03:02 | Computer Name = Midas-Pc | Source = Application Hang | ID = 1002

Description = Program OTL.exe w wersji 3.2.69.0 zatrzymał interakcję z systemem

Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji

dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum

akcji. Identyfikator procesu: 648 Godzina rozpoczęcia: 01cf7f4d61e78e7a Godzina zakończenia:

12 Ścieżka aplikacji: C:\Users\Midas\Desktop\OTL.exe Identyfikator raportu:

Error - 14-06-03 13:13:57 | Computer Name = Midas-Pc | Source = Registry Helper Service | ID = 109

Description = Error: Service started

Error - 14-06-03 13:22:22 | Computer Name = Midas-Pc | Source = Registry Helper Service | ID = 109

Description = Error: Service started

Error - 14-06-03 13:32:03 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 14:32:00 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 15:32:00 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 16:32:00 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

Error - 14-06-03 17:32:00 | Computer Name = Midas-Pc | Source = MsiInstaller | ID = 11316

Description =

[ Media Center Events ]

Error - 14-04-18 16:41:23 | Computer Name = Midas-Pc | Source = MCUpdate | ID = 0

Description = 22:41:23 - Nie można pobrać pakietu Directory (Błąd: Połączenie podstawowe

zostało zakończone: Nie można ustanowić relacji zaufania dla bezpiecznego kanału

SSL/TLS.)

[ System Events ]

Error - 14-05-30 11:00:56 | Computer Name = Midas-Pc | Source = EventLog | ID = 6008

Description = Poprzednie zamknięcie systemu przy 15:23:41 na ?2014-?05-?30 było

nieoczekiwane.

Error - 14-05-30 16:48:00 | Computer Name = Midas-Pc | Source = DCOM | ID = 10010

Description =

Error - 14-06-02 13:22:34 | Computer Name = Midas-Pc | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 14-06-02 13:22:35 | Computer Name = Midas-Pc | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 14-06-02 13:22:35 | Computer Name = Midas-Pc | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 14-06-02 13:22:36 | Computer Name = Midas-Pc | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 14-06-02 13:27:07 | Computer Name = Midas-Pc | Source = DCOM | ID = 10010

Description =

Error - 14-06-02 14:04:07 | Computer Name = Midas-Pc | Source = volsnap | ID = 393252

Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie

można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 14-06-02 15:09:42 | Computer Name = Midas-Pc | Source = Service Control Manager | ID = 7031

Description = Usługa vxlsnyaiet32 niespodziewanie zakończyła pracę. Wystąpiło to

razy: 1. W przeciągu 300000 milisekund zostanie podjęta następująca czynność korekcyjna:

Uruchom usługę ponownie.

Error - 14-06-02 17:13:17 | Computer Name = Midas-Pc | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi vxlsnyaiet32 z powodu następującego błędu:

%%2