OTL logfile created on: 2012-02-26 19:35:58 - Run 3
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Mati\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,81% Memory free
6,72 Gb Paging File | 5,44 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 71,48 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive D: | 87,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATI-PC | User Name: Mati | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-25 12:13:01 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mati\Downloads\OTL.exe
PRC - [2012-02-15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012-02-14 14:34:56 | 002,717,696 | ---- | M] (Turtle Entertainment GmbH) -- C:\Program Files\EslWire\wire.exe
PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-01-24 13:50:20 | 000,265,120 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
PRC - [2012-01-24 13:50:16 | 000,024,480 | ---- | M] () -- C:\Program Files\EslWire\inGame32.exe
PRC - [2012-01-24 13:50:12 | 000,388,096 | ---- | M] () -- C:\Program Files\EslWire\dbus-daemon.exe
PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011-11-10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-11-10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-11-09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011-09-08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011-08-15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010-11-17 21:29:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010-02-03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009-12-15 19:35:56 | 000,244,224 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-07-03 04:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-02-18 13:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008-02-18 13:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008-02-18 13:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007-12-19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2006-11-24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2006-11-02 00:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

========== Modules (No Company Name) ==========

MOD - [2012-02-15 06:03:36 | 000,429,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012-02-15 06:03:34 | 003,772,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012-02-15 06:02:10 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012-02-15 06:02:08 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012-02-15 06:02:07 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012-02-14 14:33:54 | 006,355,456 | ---- | M] () -- C:\Program Files\EslWire\wireCore.dll
MOD - [2012-02-14 14:29:24 | 000,453,120 | ---- | M] () -- C:\Program Files\EslWire\Linesman.dll
MOD - [2012-01-24 16:02:42 | 000,208,384 | ---- | M] () -- C:\Program Files\EslWire\laginspect\laginspect.dll
MOD - [2012-01-24 15:00:20 | 000,165,888 | ---- | M] () -- C:\Program Files\EslWire\NocIPC32.dll
MOD - [2012-01-24 13:50:20 | 002,238,464 | ---- | M] () -- C:\Program Files\EslWire\QtCore4.dll
MOD - [2012-01-24 13:50:20 | 001,816,064 | ---- | M] () -- C:\Program Files\EslWire\QtNetwork4.dll
MOD - [2012-01-24 13:50:20 | 000,556,544 | ---- | M] () -- C:\Program Files\EslWire\dbus-1.dll
MOD - [2012-01-24 13:50:20 | 000,375,296 | ---- | M] () -- C:\Program Files\EslWire\QtDBus4.dll
MOD - [2012-01-24 13:50:20 | 000,339,968 | ---- | M] () -- C:\Program Files\EslWire\QtXml4.dll
MOD - [2012-01-24 13:50:20 | 000,274,944 | ---- | M] () -- C:\Program Files\EslWire\phonon4.dll
MOD - [2012-01-24 13:50:18 | 010,836,992 | ---- | M] () -- C:\Program Files\EslWire\QtWebKit4.dll
MOD - [2012-01-24 13:50:16 | 007,994,368 | ---- | M] () -- C:\Program Files\EslWire\QtGui4.dll
MOD - [2012-01-24 13:50:16 | 000,024,480 | ---- | M] () -- C:\Program Files\EslWire\inGame32.exe
MOD - [2012-01-24 13:50:14 | 000,447,904 | ---- | M] () -- C:\Program Files\EslWire\inGame32.dll
MOD - [2012-01-24 13:50:14 | 000,196,096 | ---- | M] () -- C:\Program Files\EslWire\imageformats\qjpeg4.dll
MOD - [2012-01-24 13:50:14 | 000,026,624 | ---- | M] () -- C:\Program Files\EslWire\imageformats\qgif4.dll
MOD - [2012-01-24 13:50:12 | 000,388,096 | ---- | M] () -- C:\Program Files\EslWire\dbus-daemon.exe
MOD - [2012-01-24 13:50:12 | 000,220,672 | ---- | M] () -- C:\Program Files\EslWire\imageformats\qmng4.dll
MOD - [2012-01-24 13:50:10 | 000,583,168 | ---- | M] () -- C:\Program Files\EslWire\QtSql4.dll
MOD - [2011-12-23 17:50:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\8f9e7faa17ad97b10b90647dc804bd02\WindowsFormsIntegration.ni.dll
MOD - [2011-12-23 17:48:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0fa8eb806fadfff925850522a53c3c18\PresentationFramework.Aero.ni.dll
MOD - [2011-12-23 17:48:23 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
MOD - [2011-12-23 17:48:03 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\71446066f8f87652fa7303395df566cc\UIAutomationProvider.ni.dll
MOD - [2011-12-23 17:48:00 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
MOD - [2011-12-23 17:47:45 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c681da7e1c7b648cb456f2d90e7c50fe\WindowsBase.ni.dll
MOD - [2011-12-23 17:16:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
MOD - [2011-12-23 17:15:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
MOD - [2011-12-23 17:15:56 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
MOD - [2011-12-23 17:15:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
MOD - [2011-12-23 17:15:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
MOD - [2011-12-23 17:15:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
MOD - [2011-12-23 17:03:32 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\670d343c8b3213883fa70837195f7f81\System.Core.ni.dll
MOD - [2011-12-23 17:03:28 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
MOD - [2011-12-23 17:03:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2011-11-10 03:11:06 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011-11-09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-11-09 22:07:50 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2009-12-15 19:35:56 | 000,244,224 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
MOD - [2009-03-31 19:05:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006-11-24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe

========== Win32 Services (SafeList) ==========

SRV - [2012-01-24 13:50:20 | 000,265,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011-11-10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-11-09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-11-12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008-02-18 13:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008-01-18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-18 22:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-18 22:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2012-01-24 13:50:10 | 000,836,496 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011-11-28 13:19:46 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011-11-10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011-11-10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-11-10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-10-17 18:40:34 | 000,082,960 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011-10-04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-07-11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-07-11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-07-11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011-06-24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010-11-17 21:29:20 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/15 20:10:37] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-06-01 11:35:22 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-06-01 11:35:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-03-30 22:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010-02-18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-04-11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008-12-26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008-02-18 13:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008-02-18 13:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008-02-18 13:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008-02-14 07:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007-08-02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007-05-11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007-05-09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007-03-05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007-03-05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007-03-05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007-03-05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007-03-05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007-03-05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2005-03-03 19:47:42 | 000,031,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CYUSB.sys -- (CyUsb)
DRV - [2004-07-30 08:55:48 | 000,091,830 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P0630Vid.sys -- (P0630VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idg.pl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idg.pl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.idg.pl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.58
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-25 00:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-20 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-26 19:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2011-05-03 14:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\Extensions
[2012-02-25 22:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions
[2011-12-08 22:24:10 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010-06-24 10:06:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-01-10 19:48:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-12-20 23:29:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012-02-13 08:34:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-08-19 14:38:17 | 000,000,000 | ---D | M] (OggX (powered by TIME S.A.)) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}
[2012-01-31 16:43:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\1olsig9g.default\extensions\battlefieldplay4free@ea.com
[2011-12-31 09:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-25 21:31:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-02-20 15:26:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009-01-28 19:46:54 | 000,307,200 | ---- | M] (ESKA) -- C:\Program Files\mozilla firefox\plugins\npOggX.dll
[2009-10-06 10:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
[2011-10-03 15:01:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-10-03 15:01:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-10-03 15:01:09 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-10-03 15:01:09 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-10-03 15:01:09 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-10-03 15:01:09 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - default_search_provider: Allegro (Enabled)
CHR - default_search_provider: search_url = http://www.allegro.pl/search.php?string={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Ogg Player Gecko Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOggX.dll
CHR - plugin: OGPlanet Game Launcher Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.56_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: Eurosport.com = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfckibmjhbkjhjplimmnlnmgienindde\1.1.1_0\
CHR - Extension: AVG Safe Search = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012-02-26 19:32:52 | 000,000,052 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {640044E9-92A3-4B89-A615-1F65354D3A65} http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab (ccr_downloader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{533D9A5C-F2CF-43EE-AC2A-73DCC76C1910}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mati\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mati\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-02-11 09:58:57 | 000,022,356 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{c8d606f8-da17-11e0-88d0-00116799260d}\Shell\AutoRun\command - "" = F:\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-02-25 23:02:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-02-25 17:41:44 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\sandraaa
[2012-02-25 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\magdaaa
[2012-02-25 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Battlefield Play4Free
[2012-02-25 00:35:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-02-25 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\AVG2012
[2012-02-25 00:06:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-02-25 00:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012-02-25 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-02-25 00:05:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012-02-25 00:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-02-20 12:35:38 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Prototype
[2012-02-17 17:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball Game
[2012-02-17 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball Game
[2012-02-17 17:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\DX-Ball
[2012-02-03 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\dystrofia_pliki
[2012-01-31 19:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012-01-31 19:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012-01-31 17:19:20 | 000,000,000 | ---D | C] -- C:\Users\Mati\Documents\Battlefield Play4Free
[2012-01-30 00:06:40 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Przypinki
[2011-04-29 15:33:31 | 002,437,120 | ---- | C] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak
[2010-04-22 19:07:33 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Users\Mati\AppData\Local\*.tmp files -> C:\Users\Mati\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-02-26 19:32:52 | 000,000,052 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-02-26 19:29:01 | 000,005,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-02-26 19:29:01 | 000,005,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-02-26 19:23:24 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-02-26 19:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-02-26 19:23:14 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2012-02-26 19:21:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-02-26 18:03:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3812926025-1807230701-1176693485-1000UA.job
[2012-02-26 15:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3812926025-1807230701-1176693485-1000Core.job
[2012-02-26 11:06:19 | 090,147,006 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-02-25 17:57:31 | 000,015,872 | ---- | M] () -- C:\Users\Mati\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-25 12:05:27 | 000,104,544 | ---- | M] () -- C:\Users\Mati\Documents\odpowiedz do matiego.mp3
[2012-02-25 00:06:29 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-02-24 22:28:24 | 000,721,080 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-02-24 22:28:24 | 000,640,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-02-24 22:28:24 | 000,154,970 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-02-24 22:28:24 | 000,122,090 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-02-16 06:27:43 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012-02-07 21:19:51 | 000,001,989 | ---- | M] () -- C:\Users\Mati\Desktop\Google Chrome.lnk
[2012-02-06 13:06:29 | 000,031,744 | ---- | M] () -- C:\Users\Mati\Desktop\sprzeciw1.dot
[2012-02-05 06:51:52 | 000,522,314 | ---- | M] () -- C:\Users\Mati\Desktop\orzeczenie.jpg
[2012-02-03 07:50:39 | 000,036,675 | ---- | M] () -- C:\Users\Mati\Desktop\dystrofia.htm
[2012-01-31 19:48:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-01-31 19:42:41 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-01-31 19:30:47 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012-01-31 17:12:30 | 000,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012-01-31 17:12:30 | 000,138,056 | ---- | M] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2012-01-31 15:21:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Users\Mati\AppData\Local\*.tmp files -> C:\Users\Mati\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-02-26 11:06:19 | 090,147,006 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-02-25 12:05:12 | 000,104,544 | ---- | C] () -- C:\Users\Mati\Documents\odpowiedz do matiego.mp3
[2012-02-25 00:06:29 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-02-07 21:19:51 | 000,001,989 | ---- | C] () -- C:\Users\Mati\Desktop\Google Chrome.lnk
[2012-02-06 13:06:28 | 000,031,744 | ---- | C] () -- C:\Users\Mati\Desktop\sprzeciw1.dot
[2012-02-05 06:51:51 | 000,522,314 | ---- | C] () -- C:\Users\Mati\Desktop\orzeczenie.jpg
[2012-02-03 07:50:37 | 000,036,675 | ---- | C] () -- C:\Users\Mati\Desktop\dystrofia.htm
[2012-01-31 19:42:41 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-01-31 19:42:41 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012-01-31 19:30:47 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012-01-20 15:39:17 | 000,000,000 | ---- | C] () -- C:\Users\Mati\AppData\Local\{07622CC9-91C8-49B3-8B86-B17373403084}
[2012-01-14 15:01:01 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011-12-21 19:51:33 | 000,000,000 | ---- | C] () -- C:\Users\Mati\AppData\Local\{C3A9CF36-F08F-462E-AF9C-7F7EBC3CEB9C}
[2011-11-10 03:11:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011-11-09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011-11-09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011-10-21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-10-01 11:56:59 | 000,000,945 | ---- | C] () -- C:\Windows\disney.ini
[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-04-29 15:33:26 | 002,026,951 | ---- | C] () -- C:\ProgramData\Tibia_pic.bak
[2011-04-29 15:33:12 | 049,313,506 | ---- | C] () -- C:\ProgramData\Tibia_spr.bak
[2011-04-29 15:32:44 | 000,348,523 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak
[2011-03-09 18:24:48 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-12-29 16:25:24 | 000,138,056 | ---- | C] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-08-24 22:18:24 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-08-24 22:18:17 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-08-24 22:18:11 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-06-01 11:34:42 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-06-01 11:34:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[color=#E56717]========== LOP Check ==========[/color]
[2009-09-15 19:38:15 | 000,000,000 | -HSD | M] -- C:\Users\Mati\AppData\Roaming\.#
[2011-03-25 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\.minecraft
[2010-12-20 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\abgx360
[2012-02-24 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\AIMP
[2010-07-28 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\AnvSoft
[2012-02-25 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\AVG2012
[2010-02-10 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Avnex
[2009-07-26 12:03:57 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\DAEMON Tools Lite
[2009-07-08 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\ESET
[2010-03-01 23:02:25 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\FOG Downloader
[2009-07-09 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Gadu-Gadu
[2010-10-29 14:18:02 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Gadu-Gadu 10
[2009-09-27 12:21:49 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\GHISLER
[2011-07-29 19:10:00 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Guitar Pro 6
[2009-12-28 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\ImgBurn
[2009-08-15 20:02:16 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\IrfanView
[2009-10-04 18:38:38 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Leadertech
[2011-07-29 21:07:17 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\LolClient
[2010-12-06 21:28:54 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Mumble
[2011-11-25 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\ooVoo Details
[2010-07-07 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\OpenFM
[2010-03-09 18:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Razer
[2010-04-25 13:03:51 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\TeamViewer
[2012-01-14 16:49:08 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\TS3Client
[2010-02-22 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Turbine
[2012-01-29 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\uTorrent
[2009-07-08 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\VitySoft
[2012-02-26 15:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812926025-1807230701-1176693485-1000Core.job
[2012-02-26 18:03:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812926025-1807230701-1176693485-1000UA.job
[2012-02-26 19:22:04 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 332 bytes -> C:\ProgramData\TEMP:6BE50C2B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >