OTL logfile created on: 2011-09-12 19:26:51 - Run 2 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\USER\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 42,95 Gb Free Space | 44,03% Space Free | Partition Type: NTFS Drive D: | 99,61 Gb Total Space | 53,14 Gb Free Space | 53,34% Space Free | Partition Type: NTFS Drive E: | 100,82 Gb Total Space | 43,09 Gb Free Space | 42,74% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-KOMPUTER Current User Name: USER Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-11 13:38:27 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Downloads\OTL.exe PRC - [2010-11-11 09:32:04 | 00,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-04-02 21:32:34 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009-01-17 16:48:08 | 05,853,672 | ---- | M] (o2.pl Sp. z o.o.) 
-- C:\Program Files (x86)\Tlen.pl\tlen.exe PRC - [2008-12-10 11:02:30 | 00,216,520 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe PRC - [2007-05-16 10:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe PRC - [2007-05-16 10:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006-10-26 14:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-09-11 13:38:27 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Downloads\OTL.exe MOD - [2010-08-21 07:21:32 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009-07-14 03:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2008-06-19 14:20:08 | 00,017,408 | ---- | M] () -- C:\Program Files (x86)\Tlen.pl\hook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-06-22 12:25:29 | 01,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:[b]64bit:[/b] - [2009-08-18 03:36:20 | 00,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- 
(WbioSrvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) 
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV - [2011-09-11 20:57:05 | 00,040,960 | ---- | M] () [Auto | Running] -- C:\Users\USER\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011-08-23 07:12:16 | 00,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011-05-14 11:44:48 | 00,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-02-08 03:14:52 | 00,136,120 | ---- | M] (Google) [On_Demand 
| Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-08-02 23:59:27 | 00,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) Usługa Google Update (gupdatem) SRV - [2010-08-02 23:59:27 | 00,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2009-07-14 05:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009-07-14 05:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009-07-14 03:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 03:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009-07-13 22:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009-06-10 22:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008-10-25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2006-10-26 14:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common 
Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-08-23 07:12:20 | 00,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2011-08-23 07:12:20 | 00,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2011-04-28 05:58:42 | 00,552,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT) DRV:[b]64bit:[/b] - [2011-04-28 05:58:34 | 00,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB) DRV:[b]64bit:[/b] - [2010-06-04 00:47:30 | 00,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-01-16 16:05:33 | 00,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - [2010-01-16 16:05:33 | 00,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 00,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:[b]64bit:[/b] - [2009-10-05 17:34:00 | 01,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009-08-18 04:48:48 | 06,037,504 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-08-13 08:38:24 | 00,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 00,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 00,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:[b]64bit:[/b] - [2009-07-14 03:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:[b]64bit:[/b] - [2009-07-14 02:07:28 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp) 
DRV:[b]64bit:[/b] - [2009-07-14 02:07:22 | 00,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt) DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 00,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) Urządzenie wideo USB (WDM) DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 00,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Urządzenie Bluetooth (sieć osobista) DRV:[b]64bit:[/b] - [2009-07-14 02:06:56 | 00,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Urządzenie Bluetooth (Protokół TDI RFCOMM) DRV:[b]64bit:[/b] - [2009-07-14 02:06:53 | 00,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum) DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb) DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:[b]64bit:[/b] - [2009-07-14 02:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 00,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010-02-03 12:19:16 | 00,164,992 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\athsgt.sys -- (athsgt) DRV - [2010-02-03 12:19:15 | 00,012,544 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\limsgt.sys -- (limsgt) DRV - [2009-07-14 03:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 03:16:19 | 00,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb) DRV - [2009-07-14 03:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009-06-10 23:28:14 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009-06-10 23:15:18 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) [color=#E56717]========== Standard 
Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {c3743f34-4dfb-8422-7f87-75d9b3abf628}:4.6.6.3 FF - prefs.js..extensions.enabledItems: zrzuta.eu@gmail.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF 
- prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-05-22 13:51:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-12-04 11:35:29 | 00,000,000 | ---D | M] [2010-01-23 15:05:32 | 00,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Extensions [2010-01-23 15:05:32 | 00,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011-09-12 18:16:42 | 00,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\s7temqxv.default\extensions [2010-12-24 13:42:31 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\s7temqxv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-05-16 01:39:27 | 00,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\s7temqxv.default\extensions\zrzuta.eu@gmail.com [2011-09-11 20:57:10 | 00,001,864 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\s7temqxv.default\searchplugins\{620689D7-502B-40BF-9A6B-1D272323E1DC}.xml [2011-09-11 20:57:10 | 00,024,033 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\s7temqxv.default\searchplugins\{6DA62CAA-4F6F-41B0-B3CA-FAFF880E9431}.xml [2011-09-11 20:57:10 | 00,002,516 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\s7temqxv.default\searchplugins\{8E392730-D60A-4FA2-A2CD-1ED51CFCBAA7}.xml [2011-09-11 20:57:10 | 00,002,182 | ---- | M] () -- 
C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\s7temqxv.default\searchplugins\{C2647924-9F80-4D8A-95D1-B444B6E4BAE9}.xml [2011-09-11 20:57:10 | 00,002,071 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Mozilla\FireFox\Profiles\s7temqxv.default\searchplugins\{FDB04742-AC5E-4474-8133-B280BCDCE057}.xml [2011-09-12 18:16:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-07-19 20:45:22 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-02-11 11:44:36 | 00,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{c3743f34-4dfb-8422-7f87-75d9b3abf628} [2010-08-25 12:11:16 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-25 12:11:07 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010-01-14 00:46:00 | 00,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-09-11 20:57:10 | 00,003,098 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2011-09-11 20:57:10 | 00,001,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2011-09-11 20:57:10 | 00,001,270 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2011-09-11 20:57:10 | 00,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2011-09-11 20:57:10 | 00,001,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-09-11 20:57:10 | 00,001,990 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 23:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [Ocs_SM] C:\Users\USER\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-09-11 21:04:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011-09-11 20:57:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2011-09-11 20:57:05 | 00,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\OCS
[2011-09-11 14:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-09-11 01:26:48 | 00,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-09-05 21:23:41 | 00,000,000 | ---D | C] -- C:\Users\USER\złudzenia optyczne
[2011-09-04 22:47:58 | 00,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
[2011-09-04 22:47:54 | 00,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-09-04 22:47:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-09-04 22:47:50 | 00,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-09-04 22:47:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-09-12 19:27:52 | 06,291,456 | -HS- | M] () -- C:\Users\USER\ntuser.dat
[2011-09-12 19:04:00 | 00,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-09-12 17:09:25 | 01,532,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-09-12 17:09:25 | 00,691,176 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-09-12 17:09:25 | 00,610,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-09-12 17:09:25 | 00,132,638 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-09-12 17:09:25 | 00,104,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-09-12 17:04:00 | 00,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-09-12 11:42:17 | 00,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-12 11:42:17 | 00,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-12 11:34:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-09-12 11:34:46 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-12 11:34:37 | 24,152,22784 | -HS- | M] () -- C:\hiberfil.sys
[2011-09-12 11:08:51 | 01,186,812 | -H-- | M] () -- C:\Users\USER\AppData\Local\IconCache.db
[2011-09-11 21:04:26 | 00,001,891 | ---- | M] () -- C:\Users\USER\Desktop\AD-R.lnk
[2011-09-11 14:10:36 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-09-11 01:26:48 | 00,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-09-10 09:50:22 | 00,041,472 | ---- | M] () -- C:\Users\USER\Documents\Toksoplazmoza.doc
[2011-09-05 16:38:20 | 00,000,001 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Windows.dat
[2011-09-04 22:47:54 | 00,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-29 18:50:22 | 00,000,536 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011-08-23 07:12:20 | 00,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011-08-23 07:12:20 | 00,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011-08-18 20:31:56 | 00,026,624 | ---- | M] () -- C:\Users\USER\Documents\referat.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-09-11 21:04:26 | 00,001,891 | ---- | C] () -- C:\Users\USER\Desktop\AD-R.lnk
[2011-09-11 14:10:36 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-09-10 09:50:21 | 00,041,472 | ---- | C] () -- C:\Users\USER\Documents\Toksoplazmoza.doc
[2011-09-05 16:38:20 | 00,000,001 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Windows.dat
[2011-09-04 22:47:54 | 00,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-29 18:50:22 | 00,000,536 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011-08-18 20:31:56 | 00,026,624 | ---- | C] () -- C:\Users\USER\Documents\referat.doc
[2011-06-14 05:14:05 | 00,000,000 | ---- | C] () -- C:\Users\USER\AppData\Local\{B3DA86BA-7595-4E3B-99FA-02CD9DC57032}
[2011-02-20 15:10:48 | 00,000,017 | ---- | C] () -- C:\Users\USER\AppData\Local\resmon.resmoncfg
[2010-08-24 23:01:49 | 00,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-03-16 19:53:09 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010-02-16 18:48:08 | 00,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010-02-12 22:53:07 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-02-12 22:53:05 | 02,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010-02-12 22:53:05 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-02-12 22:53:05 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-02-12 22:53:04 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010-02-12 22:53:03 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010-02-12 22:53:02 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-02-11 23:03:59 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010-02-11 12:14:21 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-02-03 12:19:16 | 00,164,992 | ---- | C] () -- C:\Windows\SysWow64\drivers\athsgt.sys
[2010-02-03 12:19:15 | 00,012,544 | ---- | C] () -- C:\Windows\SysWow64\drivers\limsgt.sys
[2010-01-28 18:16:26 | 01,549,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-01-22 20:40:47 | 00,004,608 | ---- | C] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-14 01:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006-09-28 15:55:34 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2006-09-26 15:01:40 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004-01-02 01:28:29 | 00,000,100 | ---- | C] () -- C:\Windows\forevermopt.INI
[2004-01-02 01:28:13 | 00,000,320 | ---- | C] () -- C:\Windows\mafosav.INI
[2004-01-02 00:05:12 | 00,092,400 | ---- | C] () -- C:\Windows\ktkm7.dll
[2004-01-02 00:05:12 | 00,058,192 | ---- | C] () -- C:\Windows\ktkm6.dll
[2004-01-02 00:05:12 | 00,055,186 | ---- | C] () -- C:\Windows\ktkm5.dll
[2004-01-02 00:05:12 | 00,030,166 | ---- | C] () -- C:\Windows\ktkm9.dll
[2004-01-02 00:05:12 | 00,023,364 | ---- | C] () -- C:\Windows\ktkm8.dll
[2004-01-02 00:05:12 | 00,022,926 | ---- | C] () -- C:\Windows\ktkm4.dll
[2004-01-02 00:05:11 | 00,268,621 | ---- | C] () -- C:\Windows\ktkm33.dll
[2004-01-02 00:05:11 | 00,098,442 | ---- | C] () -- C:\Windows\ktkm35.dll
[2004-01-02 00:05:11 | 00,082,542 | ---- | C] () -- C:\Windows\ktkm37.dll
[2004-01-02 00:05:11 | 00,020,926 | ---- | C] () -- C:\Windows\ktkm36.dll
[2004-01-02 00:05:11 | 00,010,240 | ---- | C] () -- C:\Windows\ktkm34.dll
[2004-01-02 00:05:10 | 00,326,441 | ---- | C] () -- C:\Windows\ktkm32.dll
[2004-01-02 00:05:10 | 00,197,408 | ---- | C] () -- C:\Windows\ktkm29.dll
[2004-01-02 00:05:10 | 00,128,042 | ---- | C] () -- C:\Windows\ktkm30.dll
[2004-01-02 00:05:10 | 00,116,841 | ---- | C] () -- C:\Windows\ktkm26.dll
[2004-01-02 00:05:10 | 00,100,786 | ---- | C] () -- C:\Windows\ktkm28.dll
[2004-01-02 00:05:10 | 00,081,427 | ---- | C] () -- C:\Windows\ktkm31.dll
[2004-01-02 00:05:10 | 00,065,092 | ---- | C] () -- C:\Windows\ktkm27.dll
[2004-01-02 00:05:10 | 00,022,657 | ---- | C] () -- C:\Windows\ktkm3.dll
[2004-01-02 00:05:09 | 00,538,410 | ---- | C] () -- C:\Windows\ktkm20.dll
[2004-01-02 00:05:09 | 00,524,537 | ---- | C] () -- C:\Windows\ktkm18.dll
[2004-01-02 00:05:09 | 00,370,880 | ---- | C] () -- C:\Windows\ktkm22.dll
[2004-01-02 00:05:09 | 00,126,720 | ---- | C] () -- C:\Windows\ktkm23.dll
[2004-01-02 00:05:09 | 00,070,888 | ---- | C] () -- C:\Windows\ktkm19.dll
[2004-01-02 00:05:09 | 00,066,908 | ---- | C] () -- C:\Windows\ktkm17.dll
[2004-01-02 00:05:09 | 00,064,070 | ---- | C] () -- C:\Windows\ktkm21.dll
[2004-01-02 00:05:09 | 00,056,992 | ---- | C] () -- C:\Windows\ktkm24.dll
[2004-01-02 00:05:09 | 00,049,094 | ---- | C] () -- C:\Windows\ktkm25.dll
[2004-01-02 00:05:09 | 00,020,974 | ---- | C] () -- C:\Windows\ktkm2.dll
[2004-01-02 00:05:08 | 00,803,601 | ---- | C] () -- C:\Windows\ktkm16.dll
[2004-01-02 00:05:08 | 00,524,164 | ---- | C] () -- C:\Windows\ktkm12.dll
[2004-01-02 00:05:08 | 00,307,617 | ---- | C] () -- C:\Windows\ktkm15.dll
[2004-01-02 00:05:08 | 00,209,936 | ---- | C] () -- C:\Windows\ktkm14.dll
[2004-01-02 00:05:08 | 00,099,867 | ---- | C] () -- C:\Windows\ktkm13.dll
[2004-01-02 00:05:08 | 00,096,166 | ---- | C] () -- C:\Windows\ktkm1.dll
[2004-01-02 00:05:08 | 00,062,631 | ---- | C] () -- C:\Windows\ktkm11.dll
[2004-01-02 00:05:08 | 00,058,015 | ---- | C] () -- C:\Windows\ktkm10.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :Files >[/color]
[color=#A23BEC]< C:\Users\USER\AppData\LocalLow\AskToolbar >[/color]
[color=#A23BEC]< C:\Program Files (x86)\Mozilla FireFox\Components\AskHPRFF.js >[/color]
[2010-02-06 21:08:44 | 00,006,141 | ---- | M] () -- C:\Program Files (x86)\Mozilla FireFox\Components\AskHPRFF.js
[color=#A23BEC]< >[/color]
[color=#A23BEC]< :Reg >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\GenericAskToolbar.ToolbarWnd] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\GenericAskToolbar.ToolbarWnd.1] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2417076] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\AppID\GenericAskToolbar.DLL] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Ask.com] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\AppDataLow\AskBarDis] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\AppDataLow\AskHomePage] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\AppDataLow\AskToolbarInfo] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\AppDataLow\HavingFunOnline] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{686FC442-EEC7-42CA-9FD9-9E57FD66598B}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9E7E262-232D-4507-A71A-85C1739A03AD}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] >[/color]
[color=#A23BEC]< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] >[/color]
[color=#A23BEC]< [-HKEY_LOCAL_MACHINE\Software\Classes\.flv\OpenWithList\FLVPlayer.exe] >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >