OTL logfile created on: 2013-01-03 17:34:26 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Przemek\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,75 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 35,43% Memory free
5,75 Gb Paging File | 3,98 Gb Available in Paging File | 69,30% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326,23 Gb Total Space | 178,45 Gb Free Space | 54,70% Space Free | Partition Type: NTFS
Drive D: | 14,77 Gb Total Space | 5,95 Gb Free Space | 40,28% Space Free | Partition Type: NTFS
Drive K: | 124,66 Gb Total Space | 92,46 Gb Free Space | 74,17% Space Free | Partition Type: NTFS
Computer Name: RIZI | User Name: Przemek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-01-03 17:29:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Przemek\Desktop\OTL.exe PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) 
-- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-08-21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-08-21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- C:\Program Files\screenSHU\screenSHU.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-04-14 19:45:22 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe PRC - [2010-04-03 13:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe PRC - [2009-10-01 11:45:56 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe PRC - [2009-10-01 11:45:55 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe PRC - [2009-08-19 14:30:46 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe PRC - [2009-05-11 10:47:54 | 000,361,472 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\GXT14 Mouse\RapooV1Process.exe PRC - [2009-05-11 08:24:10 | 004,832,256 | ---- | M] () -- C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe PRC - [2009-05-11 08:18:34 | 000,354,304 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe PRC - [2008-05-29 19:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program 
Files\Trust\GXT14 Mouse\StartAutorun.exe PRC - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- C:\Program Files\screenSHU\screenSHU.exe MOD - [2012-02-02 18:26:52 | 000,043,008 | ---- | M] () -- C:\Program Files\screenSHU\libgcc_s_dw2-1.dll MOD - [2012-02-02 18:26:52 | 000,011,362 | ---- | M] () -- C:\Program Files\screenSHU\mingwm10.dll MOD - [2010-04-03 13:06:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll MOD - [2010-04-03 13:06:08 | 000,024,064 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll MOD - [2010-04-03 13:06:02 | 000,094,208 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll MOD - [2010-04-03 13:05:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll MOD - [2010-04-03 13:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe MOD - [2010-04-03 13:05:32 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\verby.dll MOD - [2010-04-03 13:05:22 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\controly.dll MOD - [2009-12-17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files\Launchy\imageformats\qmng4.dll MOD - [2009-12-16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll MOD - [2009-12-16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll MOD - [2009-12-16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program 
Files\Launchy\QtCore4.dll MOD - [2009-10-01 11:45:56 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe MOD - [2009-10-01 11:45:55 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe MOD - [2009-08-19 14:30:46 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe MOD - [2009-07-17 08:33:27 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll MOD - [2009-07-17 08:32:35 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll MOD - [2009-06-23 07:11:11 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll MOD - [2009-06-23 07:10:44 | 000,049,152 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll MOD - [2009-06-23 07:09:46 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll MOD - [2009-05-27 12:16:52 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll MOD - [2009-05-11 08:24:10 | 004,832,256 | ---- | M] () -- C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe MOD - [2009-04-28 03:56:40 | 000,024,576 | ---- | M] () -- C:\Windows\System32\lxeasmr.dll MOD - [2009-04-07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll MOD - [2009-03-30 13:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll MOD - [2009-03-30 13:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll MOD - [2009-03-30 13:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll MOD - [2009-03-30 13:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll MOD - [2009-03-30 13:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll MOD - [2009-03-10 06:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark 
S300-S400 Series\lxeacaps.dll MOD - [2009-03-02 15:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll MOD - [2009-03-02 06:45:58 | 000,042,496 | ---- | M] () -- C:\Program Files\Trust\GXT14 Mouse\MouseHook.dll MOD - [2009-02-20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll MOD - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe MOD - [2007-09-02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll MOD - [2007-03-29 06:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Trust\GXT14 Mouse\keydll.dll MOD - [1998-10-31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2012-12-22 11:17:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-10-02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-10-02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012-09-07 14:37:04 | 000,100,864 | ---- | M] (Freemake) [Disabled | Stopped] -- 
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012-08-21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-08-10 11:42:54 | 000,150,464 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-12 14:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012-07-06 11:55:17 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-05-20 13:53:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-04-14 19:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device) SRV - [2010-03-22 14:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010-03-02 23:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) 
[Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- K:\Program Files\Ashampoo WinOptimizer 9\DfSdkS.exe -- (DfSdkS) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-05-11 08:18:34 | 000,354,304 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe -- (KmGameMouseServiceV1) SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\vtany.sys -- (vtany) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT) DRV - File not found [Kernel | Disabled | Stopped] -- 
system32\DRIVERS\nlndis.sys -- (NLNdisMP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\ProgramData\uklpr\klpp2drv.sys -- (KLPP2Drv) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-10-26 20:03:22 | 000,187,736 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2012-10-26 20:03:06 | 000,104,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2012-10-26 20:02:10 | 000,115,544 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2012-10-26 20:02:10 | 000,094,040 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2012-10-02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012-08-21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-08-21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-08-21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-08-21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012-08-21 
10:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012-08-21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-07-03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012-04-06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011-04-22 15:28:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011-04-22 15:28:12 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-12-20 10:18:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-08-12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010-07-15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2010-07-15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009-11-11 18:24:14 | 000,020,392 | ---- | 
M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-05-11 10:43:44 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RPGMOUSEV1.sys -- (KMWDFilterV1) DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-02-03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2008-03-19 15:37:58 | 000,688,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb) DRV - [2008-03-19 15:37:56 | 000,060,533 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stmatm.sys -- (Stmatm) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (Cardex) DRV - [2007-02-08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{229C4666-12F3-4A3E-AAB8-4A8B47B5D133}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = about:blank IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=9c81c108-e93d-11e0-9221-00241d698c83&q={searchTerms} IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=2c750e6100000000000000241d698c83 IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes\{229C4666-12F3-4A3E-AAB8-4A8B47B5D133}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..\SearchScopes\{9DC39A01-739E-457A-9AA5-83ED7D873E17}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms} IE - 
HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2 FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=2c750e6100000000000000241d698c83&q=" FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Przemek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Przemek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012-09-30 18:02:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-21 20:30:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-14 17:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-30 20:02:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: K:\Program Files\Mozilla Firefox\components [2012-12-15 10:50:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: K:\Program Files\Mozilla Firefox\plugins [2012-12-15 10:50:28 | 000,000,000 | ---D | M] [2010-03-12 20:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Przemek\AppData\Roaming\mozilla\Extensions [2012-12-04 15:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Przemek\AppData\Roaming\mozilla\Firefox\Profiles\parugpc1.default\extensions [2012-07-12 14:08:43 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Przemek\AppData\Roaming\mozilla\Firefox\Profiles\parugpc1.default\extensions\battlefieldplay4free@ea.com [2012-09-18 21:37:57 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Przemek\AppData\Roaming\mozilla\firefox\profiles\parugpc1.default\extensions\testpilot@labs.mozilla.com.xpi [2012-12-04 15:45:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Przemek\AppData\Roaming\mozilla\firefox\profiles\parugpc1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
[2012-06-23 21:25:33 | 000,000,792 | ---- | M] () -- C:\Users\Przemek\AppData\Roaming\mozilla\firefox\profiles\parugpc1.default\searchplugins\startsear.xml [2011-04-14 19:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-05-24 14:17:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-03-12 20:11:59 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-05-18 13:40:04 | 000,931,328 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll [2010-05-24 14:17:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-05-18 13:40:22 | 000,624,112 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPSOCCER.dll [2011-03-22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.pl/ig?hl=pl&source=iglk CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}, CHR - homepage: http://www.google.pl/ig?hl=pl&source=iglk CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Przemek\AppData\Local\Google\Chrome\Application\24.0.1312.14\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Przemek\AppData\Local\Google\Chrome\Application\24.0.1312.14\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Przemek\AppData\Local\Google\Chrome\Application\24.0.1312.14\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: GanymedeNet.Detector (Enabled) = C:\Users\Przemek\AppData\Local\Google\Chrome\Application\plugins\npganymedenet.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = K:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = K:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = K:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = K:\Program Files\Mozilla 
Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = K:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: LiveVDO plug-in (Enabled) = K:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Users\Przemek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.7_0\ CHR - Extension: Angry Birds = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: From Dust = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\ CHR - Extension: Szukaj w 
Google = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: LoL Stream Browser = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp\1.1.6.4_0\ CHR - Extension: AdBlock = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\ CHR - Extension: Don't Starve = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\ CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_0\ CHR - Extension: avast! WebRep = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: Speed Dial 2 = C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () O4 - HKLM..\Run: [trustGTX14] C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe () O4 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (AQQ Sp. z o.o.) O4 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000..\Run: [screenSHU] C:\Program Files\screenSHU\screenSHU.exe () O4 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: 
@C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2169942964-3003231554-4121875202-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83ABBF2C-C280-4E1B-AC51-18E25A52E125}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83ABBF2C-C280-4E1B-AC51-18E25A52E125}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0e709f84-2e0b-11df-a21e-00241d698c83}\Shell - "" = AutoRun O33 - MountPoints2\{aac8eea0-331e-11e1-aebf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aac8eea0-331e-11e1-aebf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{bda35ec0-eb6c-11df-b515-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bda35ec0-eb6c-11df-b515-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-01-03 17:30:10 | 000,663,128 | ---- | C] (Duplex Secure Ltd.) 
-- C:\Users\Przemek\Desktop\SPTDinst-v183-x86.exe [2013-01-03 17:29:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Przemek\Desktop\OTL.exe [2012-12-29 20:01:44 | 000,000,000 | ---D | C] -- C:\Users\Przemek\AppData\Roaming\.minecraft [2012-12-29 18:32:22 | 000,000,000 | ---D | C] -- C:\Users\Przemek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Cud Świata [2012-12-23 15:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6 [2012-12-23 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3.6 [2012-12-22 11:17:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-22 11:17:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012-12-21 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\Przemek\AppData\Roaming\Media Player Classic [2012-12-21 19:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012-12-21 19:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2012-12-21 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\Przemek\Desktop\Cyfrografia - Retusz i efekty [2012-12-19 12:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012-12-14 14:38:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-12-14 14:38:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-12-14 14:38:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-12-14 14:38:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012-12-14 14:38:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012-12-14 14:38:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-12-14 14:38:03 | 000,231,936 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-12-14 14:38:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-12-14 14:34:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012-12-14 14:34:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012-12-14 14:34:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012-12-14 14:34:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-14 14:34:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-14 14:34:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012-12-14 14:34:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012-12-14 14:34:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012-12-14 14:34:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012-12-14 14:34:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012-12-14 14:34:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012-12-14 14:34:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012-12-14 14:34:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012-12-14 14:34:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012-12-14 14:33:49 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012-12-14 14:33:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012-12-14 14:33:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012-12-10 18:11:44 | 000,000,000 | ---D | C] -- C:\Users\Przemek\AppData\Local\FLT [2012-12-10 18:11:43 | 000,000,000 | ---D | C] -- C:\Users\Przemek\Documents\Shiner [2012-12-07 21:21:41 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2012-12-07 21:20:16 | 000,000,000 | ---D | C] -- C:\Users\Przemek\AppData\Local\ashampoo [2012-12-07 21:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012-12-07 21:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo [2011-09-26 20:58:06 | 002,081,832 | ---- | C] (DownVision ) -- C:\Users\Przemek\AppData\Local\setup.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-01-03 17:34:30 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-03 17:34:30 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-03 17:32:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-03 17:31:55 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys [2013-01-03 17:30:13 | 000,663,128 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Users\Przemek\Desktop\SPTDinst-v183-x86.exe [2013-01-03 17:29:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Przemek\Desktop\OTL.exe [2013-01-03 17:29:43 | 000,294,216 | ---- | M] () -- C:\Users\Przemek\Desktop\gmer.zip [2013-01-03 14:00:04 | 001,230,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-01-03 14:00:04 | 000,673,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-01-02 18:56:32 | 024,273,178 | ---- | M] () -- C:\Users\Przemek\Desktop\Desktop.zip [2012-12-29 20:01:36 | 000,263,186 | ---- | M] () -- C:\Users\Przemek\Desktop\Minecraft.exe [2012-12-29 18:32:23 | 000,000,684 | ---- | M] () -- C:\Users\Przemek\Desktop\8 Cud Świata.lnk [2012-12-25 23:34:28 | 000,000,066 | ---- | M] () -- C:\Users\Przemek\Desktop\dtr-listen.pls [2012-12-24 12:32:35 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-24 12:32:35 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-24 12:32:35 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Przemek.job [2012-12-24 12:32:35 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Przemek.job [2012-12-24 12:32:35 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Przemek.job [2012-12-22 18:29:14 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-12-22 18:29:09 | 003,885,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-12-22 11:17:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-12-22 11:17:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-12-20 21:26:16 | 000,365,133 | ---- | M] () -- C:\Users\Przemek\Desktop\Bez tytułu 1.odp [2012-12-16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- 
C:\Windows\System32\atmlib.dll [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-03 17:29:40 | 000,294,216 | ---- | C] () -- C:\Users\Przemek\Desktop\gmer.zip [2013-01-02 18:57:00 | 004,953,412 | ---- | C] () -- C:\Users\Przemek\Desktop\DSCF1733.JPG [2013-01-02 18:57:00 | 004,948,828 | ---- | C] () -- C:\Users\Przemek\Desktop\DSCF1735.JPG [2013-01-02 18:57:00 | 004,787,951 | ---- | C] () -- C:\Users\Przemek\Desktop\DSCF1734.JPG [2013-01-02 18:57:00 | 004,759,397 | ---- | C] () -- C:\Users\Przemek\Desktop\DSCF1736.JPG [2013-01-02 18:56:59 | 004,830,278 | ---- | C] () -- C:\Users\Przemek\Desktop\DSCF1732.JPG [2013-01-02 18:55:00 | 024,273,178 | ---- | C] () -- C:\Users\Przemek\Desktop\Desktop.zip [2012-12-29 20:01:33 | 000,263,186 | ---- | C] () -- C:\Users\Przemek\Desktop\Minecraft.exe [2012-12-29 18:32:23 | 000,000,684 | ---- | C] () -- C:\Users\Przemek\Desktop\8 Cud Świata.lnk [2012-12-25 23:34:28 | 000,000,066 | ---- | C] () -- C:\Users\Przemek\Desktop\dtr-listen.pls [2012-12-21 22:14:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Przemek.job [2012-12-21 22:14:02 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Przemek.job [2012-12-21 22:14:01 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Przemek.job [2012-12-21 19:32:15 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012-12-20 21:12:31 | 000,365,133 | ---- | C] () -- C:\Users\Przemek\Desktop\Bez tytułu 1.odp [2012-11-06 17:48:11 | 000,000,132 | ---- | C] () -- C:\Users\Przemek\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2012-09-26 20:47:10 | 000,000,856 | ---- | C] () -- C:\Users\Przemek\AppData\Local\recently-used.xbel [2012-04-24 15:48:24 | 000,000,022 | -HS- | C] () -- 
C:\Users\Przemek\AppData\Roaming\Windows1569_SettingsRepository.bin [2012-04-24 15:48:24 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012-04-18 21:15:06 | 000,005,632 | ---- | C] () -- C:\Users\Przemek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-28 13:30:01 | 000,000,046 | ---- | C] () -- C:\Windows\System32\91207717.sys [2012-02-18 12:25:35 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2012-01-11 22:27:54 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012-01-05 19:51:32 | 000,000,640 | RHS- | C] () -- C:\Users\Przemek\ntuser.pol [2011-09-20 14:54:57 | 000,000,692 | ---- | C] () -- C:\Users\Przemek\.packettracer [2011-06-26 20:47:10 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011-05-29 15:58:45 | 000,285,724 | ---- | C] () -- C:\Users\Przemek\Odebrane [2011-05-12 20:02:57 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2011-04-22 15:28:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011-04-22 15:28:12 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011-04-07 21:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-03-10 21:47:34 | 000,000,792 | ---- | C] () -- C:\Users\Przemek\AppData\Roaming\fancypack_core.properties [2011-02-17 16:05:58 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini [2011-01-18 20:42:53 | 000,010,995 | ---- | C] () -- C:\Windows\System32\score.ini [2011-01-10 19:39:53 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-01-10 19:39:53 | 000,138,056 | ---- | C] () -- C:\Users\Przemek\AppData\Roaming\PnkBstrK.sys [2011-01-10 19:39:31 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-01-10 19:39:30 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010-10-25 15:41:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP [2010-05-23 20:23:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-05-21 
15:29:25 | 000,024,312 | ---- | C] () -- C:\Users\Przemek\AppData\Roaming\UserTile.png
[2010-03-11 19:51:01 | 000,007,621 | ---- | C] () -- C:\Users\Przemek\AppData\Local\resmon.resmoncfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010-06-11 20:04:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-19 16:17:28 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\.anki
[2012-12-29 20:02:54 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\.minecraft
[2012-05-27 13:11:22 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\.techniclauncher
[2010-06-01 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Atari
[2012-10-29 18:18:51 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Audacity
[2012-10-02 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\EoN
[2012-08-10 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Fisher-Price
[2012-12-30 18:39:09 | 000,000,000 | ---D | M]
-- C:\Users\Przemek\AppData\Roaming\foobar2000 [2012-04-18 21:14:19 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\FreeAudioPack [2010-04-16 20:02:07 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Gadu-Gadu 10 [2012-11-23 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\GameRanger [2011-12-28 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\GanymedeNet [2010-11-26 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\GetRightToGo [2012-10-24 22:01:26 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\GG [2010-11-23 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\GHISLER [2011-04-19 20:49:49 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\gtk-2.0 [2010-07-20 11:55:22 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\HateML [2012-04-18 22:18:04 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\ipla [2012-03-23 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Launchy [2010-07-08 14:01:48 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Leadertech [2011-04-14 18:16:46 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\LibreOffice [2011-08-22 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\LolClient [2012-05-24 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\LolClient2 [2012-03-04 11:52:27 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\LOVE [2011-04-14 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Notepad++ [2010-03-27 17:38:05 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\OpenFM [2010-06-09 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\OpenOffice.org [2011-05-29 15:31:45 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Opera [2012-09-22 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Origin [2010-11-22 
13:45:35 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\POINTERGHOSTV1 [2010-04-17 09:35:57 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Remere's Map Editor [2012-04-29 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\RotMG.Production [2012-03-22 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Rovio [2012-09-28 18:29:51 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011-10-27 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Teeworlds [2011-06-26 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\TerrariaWorldViewer [2012-06-22 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Thunderbird [2012-01-21 14:38:52 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Trine2 [2012-12-23 18:14:55 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\TS3Client [2012-09-18 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\TuneUp Software [2012-11-19 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Ubisoft [2010-10-16 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Uniblue [2012-11-23 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\uTorrent [2011-12-29 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\wargaming.net [2012-12-23 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Wise Disk Cleaner [2012-06-13 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\Przemek\AppData\Roaming\Wise Registry Cleaner [2012-08-08 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\.anki [2010-08-31 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\Alawar [2012-10-30 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\dll-files.com [2010-05-31 18:07:50 | 000,000,000 | ---D | M] -- 
C:\Users\Tata\AppData\Roaming\Gadu-Gadu 10
[2012-03-23 19:05:25 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\Launchy
[2011-05-06 07:49:25 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\LibreOffice
[2010-11-22 16:37:31 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\POINTERGHOSTV1
[2010-10-21 12:03:52 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\SpyShelter
[2011-10-31 10:47:33 | 000,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:CAEDBDA6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C43ED645
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >