OTL logfile created on: 2012-06-12 10:01:43 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\BJ11008\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,93 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,77% Memory free 15,86 Gb Paging File | 13,94 Gb Available in Paging File | 87,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 57,88 Gb Free Space | 59,33% Space Free | Partition Type: NTFS Drive D: | 423,70 Gb Total Space | 379,84 Gb Free Space | 89,65% Space Free | Partition Type: NTFS Drive E: | 410,16 Gb Total Space | 405,03 Gb Free Space | 98,75% Space Free | Partition Type: NTFS Computer Name: BJ11008-BJ11008 | User Name: BJ11008 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - D:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.) PRC - C:\Users\BJ11008\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Neostrada tp\TP.exe (ZTE) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - D:\Programy\Gadu-Gadu 10\gglog.dll () MOD - D:\Programy\Gadu-Gadu 10\ggipcradioproxy.dll () MOD - D:\Programy\Gadu-Gadu 10\ggipc.dll () MOD - D:\Programy\Gadu-Gadu 10\ggcrypto.dll () MOD - D:\Programy\Gadu-Gadu 10\ggcommon.dll () MOD - D:\Programy\Gadu-Gadu 10\QtWebKit4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtScript4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtXml4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtSvg4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtNetwork4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtGui4.dll () MOD - D:\Programy\Gadu-Gadu 10\QtCore4.dll () MOD - D:\Programy\Gadu-Gadu 10\imageformats\qtiff4.dll () MOD - D:\Programy\Gadu-Gadu 10\imageformats\qmng4.dll () MOD - D:\Programy\Gadu-Gadu 10\imageformats\qjpeg4.dll () MOD - D:\Programy\Gadu-Gadu 10\imageformats\qgif4.dll () MOD - D:\Programy\Gadu-Gadu 10\imageformats\qsvg4.dll () MOD - D:\Programy\Gadu-Gadu 10\zlib1.dll () MOD - C:\Windows\SysWOW64\actskn43.ocx () MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration 
Utility\sqlite3.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) 
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:[b]64bit:[/b] - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:[b]64bit:[/b] - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. 
) DRV:[b]64bit:[/b] - (ghsnmea) -- C:\Windows\SysNative\drivers\ghsnmea.sys (HS Incorporated) DRV:[b]64bit:[/b] - (ghsmdm) -- C:\Windows\SysNative\drivers\ghsmdm.sys (HS Incorporated) DRV:[b]64bit:[/b] - (ghsdiagMDM) -- C:\Windows\SysNative\drivers\ghsdiagMDM.sys (HS Incorporated) DRV:[b]64bit:[/b] - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:[b]64bit:[/b] - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:[b]64bit:[/b] - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:[b]64bit:[/b] - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:[b]64bit:[/b] - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:[b]64bit:[/b] - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (usb_rndis) -- C:\Windows\SysNative\drivers\usb8023.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (Axtmvprt) -- C:\Windows\SysNative\drivers\Axtmvprt.sys (Axesstel) DRV:[b]64bit:[/b] - (Axtmvmdm) -- C:\Windows\SysNative\drivers\Axtmvmdm.sys (Axesstel) DRV:[b]64bit:[/b] - (Axtmvflt) -- C:\Windows\SysNative\drivers\Axtmvflt.sys (Axesstel) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/idg/idg_1326405615_424353 IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\prxtbmobi.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1605787 IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\prxtbmobi.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes,DefaultScope = {985AFE1C-9393-4885-AE0E-35FC81B30D23} IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{73186F06-A552-4020-AB41-2075A1849522}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787 IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A8F88240-B0A6-42B6-8802-58702E24DD64}&mid=f5581451906d47d1a3a8cd26234fc0c3-26264e8a4a3125d25ccafd37665090509b86d6a5&lang=pl&ds=AVG&pr=pr&d=2012-06-05 11:06:45&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{985AFE1C-9393-4885-AE0E-35FC81B30D23}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{9E62753E-6E67-48c6-9F25-0EBC7EF48E73}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google " FF - prefs.js..browser.search.defaultthis.engineName: 
"mobilewitch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Google " FF - prefs.js..browser.search.selectedEngine: "mobilewitch Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1605787&SearchSource=13" FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=2&q=" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-06-05 11:05:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012-06-05 11:06:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-06-05 11:04:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-01 14:18:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-07-17 14:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BJ11008\AppData\Roaming\mozilla\Extensions [2012-06-01 07:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BJ11008\AppData\Roaming\mozilla\Firefox\Profiles\e2ej4d7z.default\extensions [2012-01-13 12:03:22 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\BJ11008\AppData\Roaming\mozilla\Firefox\Profiles\e2ej4d7z.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2012-06-01 07:46:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\BJ11008\AppData\Roaming\mozilla\Firefox\Profiles\e2ej4d7z.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012-06-01 07:46:29 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\BJ11008\AppData\Roaming\mozilla\Firefox\Profiles\e2ej4d7z.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2012-06-01 07:46:30 | 000,000,000 | ---D | M] (MobileScoop Community Toolbar) -- 
C:\Users\BJ11008\AppData\Roaming\mozilla\Firefox\Profiles\e2ej4d7z.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23} [2012-01-02 16:16:32 | 000,000,925 | ---- | M] () -- C:\Users\BJ11008\AppData\Roaming\Mozilla\Firefox\Profiles\e2ej4d7z.default\searchplugins\conduit.xml [2012-03-14 23:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-06-11 17:34:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-06-05 11:04:59 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012-06-05 11:05:00 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2012-06-05 11:06:52 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012-06-01 14:18:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-06-01 14:18:41 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-06-05 11:06:32 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012-06-01 14:18:41 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-06-01 14:18:41 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-06-01 14:18:41 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-01-13 00:00:15 | 000,002,415 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2012-06-01 14:18:41 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-06-01 14:18:41 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml 
[color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT1605787 CHR - default_search_provider: suggest_url = http://search.conduit.com/ CHR - Extension: Complitly plugin for chrome = C:\Users\BJ11008\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: mobilewitch = C:\Users\BJ11008\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlkamjopkamckcfiolblkngeeocmloo\2.3.3.3_0\ CHR - Extension: avast! WebRep = C:\Users\BJ11008\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\ CHR - Extension: No name found = C:\Users\BJ11008\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\ CHR - Extension: BitTorrentBar = C:\Users\BJ11008\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.0.1.4_0\ O1 HOSTS File: ([2012-06-11 18:22:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\BJ11008\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2:[b]64bit:[/b] - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\BJ11008\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\prxtbmobi.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (mobilewitch Toolbar) - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\prxtbmobi.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\..\Toolbar\WebBrowser: (mobilewitch Toolbar) - {FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - C:\Program Files (x86)\mobilewitch\prxtbmobi.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000..\Run: [RGSC] D:\Gry\Gta 4\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) 
O4 - HKU\S-1-5-21-2856585695-615309407-1522262835-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2856585695-615309407-1522262835-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2856585695-615309407-1522262835-1007..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2856585695-615309407-1522262835-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, 
s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5804E12D-3A9F-4225-ABDE-9EB4EB42DC68}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D28005-435D-48E5-BAB7-30AC25EAAB16}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85EBE8F-8D0A-494C-9437-E7B536D27E89}: NameServer = 194.204.152.34 194.204.159.1 O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - 
HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-12 10:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-06-12 10:03:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012-06-11 18:29:29 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\Desktop\Sality_RegKeys [2012-06-11 18:22:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-06-11 17:34:36 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012-06-11 16:54:25 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\BJ11008\Desktop\SalityKiller.exe [2012-06-11 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\Desktop\Sality [2012-06-11 10:01:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\BJ11008\Desktop\OTL.exe [2012-06-11 09:40:52 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-06-10 19:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neostrada tp [2012-06-10 19:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neostrada tp [2012-06-09 12:47:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-06-09 12:47:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-06-09 12:47:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-06-09 12:37:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012-06-09 12:37:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-06-09 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\Desktop\RoyalWarfare+Client(bez patcha) [2012-06-05 11:07:10 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\AppData\Local\AVG 
Secure Search [2012-06-05 11:04:50 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\AppData\Roaming\AVG2012 [2012-06-01 12:21:24 | 000,000,000 | ---D | C] -- C:\Users\BJ11008\AppData\Local\SKIDROW [2012-06-01 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2012-05-31 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012-05-31 21:01:13 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012-05-31 21:01:13 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012-05-31 21:01:12 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012-05-31 21:01:12 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012-05-31 21:01:12 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012-05-31 21:01:12 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012-05-31 21:01:12 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012-05-31 21:01:12 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012-05-31 21:01:12 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012-05-31 21:01:12 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012-05-31 21:01:12 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012-05-31 21:01:12 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012-05-31 21:01:12 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012-05-31 21:01:12 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012-05-31 21:01:12 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012-05-31 21:01:12 | 
002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012-05-31 21:01:12 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012-05-31 21:01:12 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2012-05-31 21:01:12 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2012-05-31 21:01:12 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012-05-31 21:01:12 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012-05-14 00:00:47 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012-05-14 00:00:45 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012-05-14 00:00:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012-05-14 00:00:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-12 10:04:17 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-06-12 10:04:16 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-06-12 10:04:01 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012-06-12 10:03:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012-06-12 10:03:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012-06-12 10:03:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012-06-12 10:02:50 | 100,224,826 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012-06-12 09:56:46 | 000,065,536 | 
---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012-06-12 09:56:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-06-12 09:56:33 | 2090,459,135 | -HS- | M] () -- C:\hiberfil.sys [2012-06-11 18:22:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-06-11 16:53:24 | 000,001,490 | ---- | M] () -- C:\Users\BJ11008\Desktop\ComboFix — skrót.lnk [2012-06-11 10:01:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\BJ11008\Desktop\OTL.exe [2012-06-10 20:27:32 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012-06-10 19:56:38 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Neostrada tp.lnk [2012-06-10 19:34:25 | 001,663,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-06-10 19:34:25 | 000,737,958 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-06-10 19:34:25 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-06-10 19:34:25 | 000,154,646 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-06-10 19:34:25 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-06-10 15:48:43 | 000,202,173 | ---- | M] () -- C:\Users\BJ11008\Desktop\ze skana.png [2012-06-09 11:52:31 | 000,202,240 | ---- | M] () -- C:\Windows\SysWow64\Antihack.dll [2012-06-06 17:16:48 | 000,066,065 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012-06-05 11:17:04 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm [2012-05-15 12:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012-05-15 12:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012-05-15 12:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012-05-15 12:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012-05-15 12:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvcompiler.dll [2012-05-15 12:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012-05-15 12:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012-05-15 12:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012-05-15 12:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012-05-15 12:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012-05-15 12:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012-05-15 12:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012-05-15 12:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012-05-15 12:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012-05-15 12:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012-05-15 12:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012-05-15 12:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012-05-15 12:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2012-05-15 12:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012-05-15 12:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012-05-15 12:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2012-05-15 12:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2012-05-15 12:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012-05-15 12:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvinit.dll [2012-05-15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012-05-15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012-05-15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012-05-15 11:29:46 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012-05-15 11:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012-05-15 11:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012-05-15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012-05-15 11:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012-05-15 11:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012-05-15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe [2012-05-14 10:17:17 | 004,830,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-12 10:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012-06-12 10:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012-06-12 10:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012-06-11 16:53:24 | 000,001,490 | ---- | C] () -- C:\Users\BJ11008\Desktop\ComboFix — skrót.lnk [2012-06-10 19:56:38 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx [2012-06-10 19:56:38 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Neostrada tp.lnk [2012-06-10 15:48:42 | 000,202,173 | ---- | C] () -- C:\Users\BJ11008\Desktop\ze skana.png [2012-06-09 12:47:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-06-09 12:47:13 | 
000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-06-09 12:47:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-06-09 12:47:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-06-09 12:47:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-06-05 11:13:55 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl [2012-06-05 11:06:58 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012-02-05 23:08:40 | 001,638,686 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-09-19 20:13:30 | 000,000,000 | ---- | C] () -- C:\Users\BJ11008\AppData\Local\{19C4F777-202A-4CF1-9529-4CE352A4C29E} [2011-08-20 19:11:00 | 000,000,000 | ---- | C] () -- C:\Users\BJ11008\AppData\Local\{5D095B1B-7AD0-4CA9-A6C1-6E3225BD5E2A} [2011-08-02 13:25:43 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\Antihack.dll [2011-06-24 12:29:38 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011-06-24 12:18:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [color=#E56717]========== LOP Check ==========[/color] [2012-06-05 11:04:50 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\AVG2012 [2011-07-28 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\BitTorrent [2012-01-13 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\Complitly [2011-07-15 17:53:27 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\Gadu-Gadu 10 [2012-05-03 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\GHISLER [2011-07-15 16:57:22 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\OpenFM [2011-12-18 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\Sony [2012-05-03 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\TS3Client [2012-02-08 12:28:59 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\ts3overlay 
[2012-06-01 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\BJ11008\AppData\Roaming\uTorrent [2012-06-05 11:04:51 | 000,000,000 | ---D | M] -- C:\Users\ewelina\AppData\Roaming\AVG2012 [2011-10-02 07:37:31 | 000,000,000 | ---D | M] -- C:\Users\ewelina\AppData\Roaming\Gadu-Gadu 10 [2012-06-05 11:04:51 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\AVG2012 [2012-04-23 09:43:03 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< :Files >[/color] [color=#E56717]========== Drive Information ==========[/color] Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: ST1000DL002-9TT153 ATA Device Partitions: 4 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 0,00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 98,00GB Starting Offset: 105906176 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 424,00GB Starting Offset: 104857600000 Hidden sectors: 0 DeviceID: Disk #0, Partition #3 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 410,00GB Starting Offset: 559801171968 Hidden sectors: 0
[color=#A23BEC]< netsh firewall reset /C >[/color] WAŻNE: Polecenie zostało wykonane pomyślnie. Jednak polecenie "netsh firewall" jest wycofywane. Zamiast niego należy używać polecenia "netsh advfirewall firewall". Więcej informacji na temat używania polecenia "netsh advfirewall firewall" zamiast polecenia "netsh firewall" można znaleźć w artykule 947709 z Bazy wiedzy pod adresem http://go.microsoft.com/fwlink/?linkid=121488. Ok.
[color=#A23BEC]< >[/color] [color=#A23BEC]< :Reg >[/color] [color=#A23BEC]< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] >[/color] [color=#A23BEC]< ""="@SYS:DoesNotExist" >[/color] [color=#A23BEC]< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] >[/color] [color=#A23BEC]< "SuperHidden"=dword:00000001 >[/color] [color=#A23BEC]< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] >[/color] [color=#A23BEC]< "Hidden"=dword:00000001 >[/color] [color=#A23BEC]< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] >[/color] [color=#A23BEC]< "ShowSuperHidden"=dword:00000001 >[/color] [color=#A23BEC]< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >[/color] [color=#A23BEC]< "CheckedValue"=dword:00000001 >[/color] [color=#A23BEC]< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] >[/color] [color=#A23BEC]< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] >[/color] [color=#A23BEC]< @="" >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< :Commands >[/color] [color=#A23BEC]< [emptytemp] >[/color] < End of report >