OTL logfile created on: 2013-05-12 17:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Krzysiek\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 58,90% Memory free
4,35 Gb Paging File | 3,77 Gb Available in Paging File | 86,68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 2,59 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 18,01 Gb Free Space | 23,06% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 16,50 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive F: | 39,53 Gb Total Space | 14,43 Gb Free Space | 36,50% Space Free | Partition Type: NTFS
Drive G: | 36,13 Gb Total Space | 8,40 Gb Free Space | 23,26% Space Free | Partition Type: NTFS
Drive H: | 36,13 Gb Total Space | 8,72 Gb Free Space | 24,13% Space Free | Partition Type: NTFS

Computer Name: STACJA | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-12 17:31:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Pulpit\OTL.exe
PRC - [2013-04-26 18:31:59 | 001,815,248 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2013-04-25 02:30:15 | 004,443,912 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013-04-25 02:29:48 | 009,478,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
PRC - [2013-04-15 19:38:17 | 003,012,816 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
PRC - [2013-04-12 12:33:58 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-03-28 17:30:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013-03-28 17:29:53 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013-03-28 17:29:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-03-28 17:29:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-11-29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013-04-12 12:33:58 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-11-29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012-09-19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006-11-17 18:29:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Services (SafeList) ==========

SRV - [2013-04-25 02:30:15 | 004,443,912 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013-04-15 19:38:18 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013-03-28 17:30:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-03-28 17:29:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008-07-25 12:17:02 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rkhdrv40)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2013-05-11 10:22:06 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzq0nze3.sys -- (uzq0nze3)
DRV - [2013-04-25 12:05:20 | 000,099,392 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2013-04-15 19:38:59 | 000,032,816 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013-04-15 19:38:58 | 000,592,384 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2013-04-15 19:38:58 | 000,018,528 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2013-03-28 17:30:04 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013-03-28 17:30:04 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013-03-28 17:30:04 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013-03-28 16:21:21 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2013-03-28 16:21:20 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012-08-27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006-12-21 16:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004-09-28 04:00:00 | 000,026,240 | ---- | M] (Totalidea Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RamDsk.sys -- (Ramdisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.backup.ftp: "62.85.54.110"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "62.85.54.110"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "62.85.54.110"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "213.180.131.135"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "213.180.131.135"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.180.131.135"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "213.180.131.135"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-01-26 04:15:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-26 04:15:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-12 12:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-05-11 00:07:09 | 000,000,000 | ---D | M]

[2013-04-19 16:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions
[2013-04-19 16:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\xogya16e.default-1356703469125\extensions
[2013-04-12 12:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-04-12 12:33:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-02-19 21:14:44 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-19 21:14:44 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-19 21:14:44 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-19 21:14:44 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-19 21:14:44 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-19 21:14:44 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2013-02-27 19:44:45 | 000,445,672 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15308 more lines...
O3 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356438587286 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365088854812 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DA7F5FE-9FB9-4691-8A66-8240A035B7F5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DA7F5FE-9FB9-4691-8A66-8240A035B7F5}: NameServer = 8.26.56.26,156.154.70.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-25 13:09:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-03-25 20:52:29 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-05-14 22:19:17 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-02-27 21:56:49 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O32 - AutoRun File - [2009-05-14 22:19:17 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-05-14 22:19:17 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-05-12 17:31:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Pulpit\OTL.exe
[2013-05-12 17:23:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013-05-12 17:23:33 | 000,000,000 | ---D | C] -- C:\JRT
[2013-05-12 04:57:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Recent
[2013-05-11 00:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX
[2013-05-09 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2013-05-04 13:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Menu Start\Programy\Deer Drive
[2013-05-04 13:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\25Assist
[2013-05-04 12:50:14 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2013-04-26 22:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\1 egzamin
[2013-04-22 22:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\egzamin
[2013-04-19 16:51:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Krzysiek\PrintHood
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Media Player Classic
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Mail.Ru
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Identities
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DRPSu
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Deployment
[2013-04-19 16:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\.thumbnails
[2013-04-19 16:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2013-04-19 16:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Threat Expert
[2013-04-18 21:45:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Krzysiek\NetHood
[2013-04-18 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2013
[2012-12-29 20:54:17 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Process.exe
[2012-12-29 20:54:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\beep.sys
[2012-12-29 20:54:16 | 029,634,504 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\scan.exe
[2012-12-29 20:54:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\tskill.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-12 17:32:34 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013-05-12 17:31:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Pulpit\OTL.exe
[2013-05-12 17:01:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-05-12 13:09:04 | 000,186,843 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\world.JPG
[2013-05-12 12:53:46 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\world.bmp
[2013-05-12 07:28:15 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-11 20:57:59 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-05-11 20:57:59 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-05-11 20:31:42 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-05-11 18:01:23 | 479,152,578 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\447051e31023b4ea74d472ab9de5604a[1].flv
[2013-05-11 10:22:06 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzq0nze3.sys
[2013-05-10 19:30:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
[2013-05-10 19:25:40 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-05-10 19:25:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-08 00:15:06 | 000,139,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-05-08 00:14:52 | 000,233,920 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013-05-07 23:58:59 | 000,233,920 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013-05-05 18:41:37 | 001,782,746 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\BIt1.wav
[2013-05-04 14:17:14 | 000,138,904 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PnkBstrK.sys
[2013-05-04 13:17:55 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Purchase Deer Drive.lnk
[2013-05-04 13:17:55 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Deer Drive.lnk
[2013-05-04 12:50:14 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2013-05-04 09:32:09 | 000,012,146 | ---- | M] () -- C:\Documents and Settings\Krzysiek\AVGIDSAgent
[2013-05-03 18:35:03 | 000,671,762 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Frolowicz Przysiezna Moja sprawnosc i zdrowie Przewodnik metodyczny dla nauczycieli II etpu edukacji maszynopis.pdf
[2013-05-03 17:02:48 | 634,062,136 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\d9a499fc348587c5038f39c5450f96ec[1].flv
[2013-05-01 20:57:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-04-30 19:21:22 | 000,225,908 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\bez tytułu.JPG
[2013-04-27 23:24:47 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2013-04-25 22:08:09 | 007,729,036 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Karty NPR.zip
[2013-04-25 12:05:20 | 000,099,392 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2013-04-23 16:04:10 | 000,348,048 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2013-04-22 21:34:03 | 000,997,318 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Testy NPR.zip
[2013-04-18 18:27:48 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Win3944_ConfigDB.dlx
[2013-04-18 18:27:48 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\System8638Conf Collection
[2013-04-15 19:38:59 | 000,032,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2013-04-15 19:38:58 | 000,592,384 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2013-04-15 19:38:58 | 000,018,528 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2013-04-15 19:38:37 | 000,035,488 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013-04-15 19:38:25 | 000,276,688 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013-04-15 19:38:24 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll
[2013-04-12 18:51:05 | 000,332,241 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\photoaf.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-12 13:09:04 | 000,186,843 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\world.JPG
[2013-05-12 12:53:46 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\world.bmp
[2013-05-12 07:28:15 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-11 18:33:58 | 479,152,578 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\447051e31023b4ea74d472ab9de5604a[1].flv
[2013-05-11 10:22:06 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzq0nze3.sys
[2013-05-10 19:30:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
[2013-05-05 18:41:37 | 001,782,746 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\BIt1.wav
[2013-05-04 13:39:40 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2013-05-04 13:17:55 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Purchase Deer Drive.lnk
[2013-05-04 13:17:55 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Deer Drive.lnk
[2013-05-04 13:11:03 | 000,139,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-05-04 13:10:48 | 000,233,920 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013-05-04 13:10:48 | 000,233,920 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013-05-04 13:10:31 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013-05-04 09:32:09 | 000,012,146 | ---- | C] () -- C:\Documents and Settings\Krzysiek\AVGIDSAgent
[2013-05-03 18:34:59 | 000,671,762 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Frolowicz Przysiezna Moja sprawnosc i zdrowie Przewodnik metodyczny dla nauczycieli II etpu edukacji maszynopis.pdf
[2013-05-03 18:12:24 | 634,062,136 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\d9a499fc348587c5038f39c5450f96ec[1].flv
[2013-04-30 19:21:22 | 000,225,908 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\bez tytułu.JPG
[2013-04-22 21:36:45 | 007,729,036 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Karty NPR.zip
[2013-04-22 21:34:02 | 000,997,318 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Testy NPR.zip
[2013-04-18 18:27:48 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Win3944_ConfigDB.dlx
[2013-04-18 18:27:48 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\System8638Conf Collection
[2013-04-12 18:51:04 | 000,332,241 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\photoaf.jpg
[2013-04-08 00:55:12 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2013-04-03 16:08:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\KillSwitch.INI
[2013-04-03 16:06:28 | 000,001,638 | ---- | C] () -- C:\WINDOWS\cce.INI
[2013-03-28 16:21:21 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2013-03-28 16:21:20 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2013-03-03 21:07:38 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
[2013-02-04 22:18:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI
[2013-01-13 16:02:23 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2013-01-13 15:18:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-12 11:31:35 | 000,000,233 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013-01-12 11:10:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2013-01-12 11:10:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2013-01-12 11:10:55 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2013-01-11 07:35:07 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini
[2013-01-09 20:39:36 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-01-09 20:39:36 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-01-09 20:39:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-01-09 20:38:25 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013-01-09 20:23:53 | 000,315,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2013-01-07 19:48:02 | 000,000,245 | ---- | C] () -- C:\WINDOWS\game.ini
[2013-01-07 18:01:06 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PnkBstrK.sys
[2013-01-03 18:04:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012-12-29 20:54:17 | 000,951,291 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\remregfix.reg
[2012-12-29 20:54:17 | 000,610,455 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\HOSTS
[2012-12-29 20:54:17 | 000,018,308 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\IEDef.reg
[2012-12-29 20:54:17 | 000,005,228 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\nfig.reg
[2012-12-29 20:54:17 | 000,004,994 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\s.reg
[2012-12-29 20:54:17 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\hpregfix.reg
[2012-12-29 20:54:17 | 000,003,008 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\bgregfix.reg
[2012-12-29 20:54:17 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\exefix.reg
[2012-12-29 20:54:17 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\regf.reg
[2012-12-29 20:54:17 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\databasepath.reg
[2012-12-29 20:54:17 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Remove-itRestorePoint.vbs
[2012-12-25 23:01:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-12-25 22:05:42 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-12-25 18:14:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012-12-25 16:07:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012-12-25 15:24:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-12-25 14:56:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012-12-25 14:51:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-25 13:59:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-25 13:12:02 | 000,002,048 | --S- | C] () --
C:\WINDOWS\bootstat.dat [2012-12-25 13:07:22 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012-12-25 13:06:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\clbcatexx.dll [2012-12-11 16:56:37 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-12-26 10:56:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 23:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-04-08 01:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\eLicenser [2013-03-04 21:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KSPlus [2013-03-29 21:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Licenses [2013-02-16 20:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MicroWorld [2013-03-22 19:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments [2013-05-04 11:04:41 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\Nexon [2013-05-04 11:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU [2013-03-25 21:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI [2013-04-02 18:51:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Shared Space [2013-04-08 00:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Syncrosoft [2013-03-29 21:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2013-05-09 00:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\25Assist [2013-02-25 17:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ambient Design [2013-02-24 03:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BTDongle [2013-02-28 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Daichi [2013-04-19 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DRPSu [2013-03-25 21:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Easeware [2013-02-13 20:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Image-Line [2013-01-04 11:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\LocalLow [2013-03-10 22:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NapiProjekt [2012-12-27 19:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Sky Bros [2012-12-25 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TestApp [2013-03-02 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Unity [2012-12-26 02:51:07 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Krzysiek\Dane aplikacji\Wargaming.net [2012-12-25 16:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C43ED645 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >