OTL logfile created on: 2013-01-15 13:53:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Domownik\Desktop Ultimate Edition (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.16562) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,51% Memory free 6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,59 Gb Total Space | 36,25 Gb Free Space | 32,19% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 32,85 Gb Free Space | 33,64% Space Free | Partition Type: NTFS Drive E: | 244,14 Gb Total Space | 45,71 Gb Free Space | 18,72% Space Free | Partition Type: NTFS Drive F: | 244,14 Gb Total Space | 26,82 Gb Free Space | 10,99% Space Free | Partition Type: NTFS Drive G: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 931,51 Gb Total Space | 24,20 Gb Free Space | 2,60% Space Free | Partition Type: NTFS Computer Name: AUTO | User Name: Domownik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-01-15 13:52:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Domownik\Desktop\OTL.exe PRC - [2012-12-29 14:28:53 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe PRC - [2012-12-20 17:04:14 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-09-28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012-09-28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012-04-04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-05-01 08:47:49 | 000,139,264 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe PRC - [2010-10-21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe PRC - [2010-10-21 09:38:32 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe PRC - [2010-10-21 09:38:32 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe PRC - [2010-10-21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe PRC - [2010-08-03 14:39:52 | 003,144,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-06-04 08:51:06 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-02-12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-03-03 11:57:19 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll MOD - [2011-03-03 11:52:24 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll MOD - [2011-03-03 11:52:16 | 011,912,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll MOD - [2011-03-03 11:52:02 | 000,767,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll MOD - [2011-03-03 11:51:08 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll MOD - [2011-03-02 20:14:10 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll MOD - [2011-03-02 20:13:51 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll MOD - [2011-03-02 20:13:19 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll MOD - [2011-03-02 20:13:17 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll MOD - [2011-03-02 20:12:50 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll MOD - [2011-03-02 20:12:32 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll MOD - [2011-03-02 20:12:19 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll MOD - [2011-03-02 20:12:12 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll MOD - [2011-03-02 20:12:07 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll MOD - [2011-03-02 20:11:53 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll MOD - [2011-03-02 20:11:42 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll MOD - [2010-10-21 09:38:34 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009-03-26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2009-03-17 10:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\System32\OemSpiE.dll MOD - [2009-02-06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-01-09 20:08:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-01-06 16:28:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-09-28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012-04-04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-08-30 16:49:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011-05-01 08:47:49 | 000,139,264 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7) SRV - [2010-10-21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010-10-21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-02-12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009-12-22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-11-06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Domownik\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys) DRV - [2012-10-30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-10-30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-10-30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-10-30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012-10-30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-10-15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012-09-28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012-09-28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012-05-14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011-11-21 17:31:02 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011-07-30 15:30:22 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011-07-30 15:30:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011-03-04 17:51:26 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-10-05 13:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2010-10-05 13:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2010-10-05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2010-02-24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009-12-22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-09-19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-09-19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd) DRV - [2009-09-19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009-09-19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-06-10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-06-04 02:22:50 | 000,413,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t3.sys -- (t3) DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-11-06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2005-09-23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\Google: "URL" = http://www.google.ru/search?hl=ru&q={searchTerms}\ IE - HKLM\..\SearchScopes\Wikipedia: "URL" = http://ru.wikipedia.org/wiki/{searchTerms}\ IE - HKLM\..\SearchScopes\Yahoo: "URL" = http://ru.search.yahoo.com/search?p={searchTerms}\ IE - HKLM\..\SearchScopes\Yandex: "URL" = http://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}\ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.thecrims.com/" FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: avg@toolbar:13.2.0.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Domownik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-08 06:30:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-01 08:21:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-01-06 16:46:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-01-09 20:08:13 | 000,000,000 | ---D | M] [2011-03-02 18:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domownik\AppData\Roaming\Mozilla\Extensions [2013-01-07 17:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domownik\AppData\Roaming\Mozilla\Firefox\Profiles\071yjfpx.default\extensions [2013-01-06 16:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-01-06 16:28:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-06-16 20:49:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-07-01 08:21:28 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-01-06 16:28:51 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2013-01-06 16:28:51 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2013-01-06 16:28:51 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-01-06 16:28:51 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2013-01-06 16:28:51 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-01-06 16:28:51 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Domownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Domownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Domownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: No name found = C:\Users\Domownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: No name found = C:\Users\Domownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [ss] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - d:\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Pobierz w Free Download Manager - d:\Free Download Manager\dllink.htm () O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - d:\Free Download Manager\dlall.htm () O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - d:\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/PL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6866F5BA-9041-4812-A106-6BD2F049145A}: DhcpNameServer = 192.168.1.1 62.179.1.62 62.179.1.63 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-03-24 12:06:41 | 000,000,053 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010-02-08 11:24:39 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ] O32 - AutoRun File - [2002-10-16 19:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-01-15 19:11:49 | 000,000,000 | ---D | C] -- C:\_OTL [2013-01-15 01:41:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013-01-14 08:59:00 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\OTLPENet.exe [2013-01-14 08:37:24 | 005,021,655 | R--- | C] (Swearware) -- C:\ComboFix.exe [2013-01-10 17:01:37 | 000,000,000 | ---D | C] -- C:\Users\Domownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Cracked [2013-01-06 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\Domownik\AppData\Local\Macromedia [2013-01-06 16:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013-01-06 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013-01-05 02:07:41 | 000,000,000 | ---D | C] -- C:\Users\Domownik\AppData\Roaming\Stella [2012-12-29 14:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012-12-27 23:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT [2012-12-16 23:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comical [2012-12-16 23:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comical [2012-12-16 23:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay [2012-12-16 23:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay [2012-01-13 22:31:53 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Domownik\AppData\Roaming\tsdnwin.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-01-15 13:44:03 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-01-15 13:42:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-15 13:42:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-15 13:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-15 13:33:05 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-01-14 08:42:50 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\OTLPENet.exe [2013-01-14 08:22:51 | 005,021,655 | R--- | M] (Swearware) -- C:\ComboFix.exe [2013-01-13 22:07:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-12 21:22:24 | 000,750,200 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-01-12 21:22:24 | 000,725,694 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2013-01-12 21:22:24 | 000,663,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-01-12 21:22:24 | 000,160,700 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-01-12 21:22:24 | 000,154,292 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2013-01-12 21:22:24 | 000,125,252 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-01-12 14:38:02 | 000,000,577 | ---- | M] () -- C:\Users\Domownik\AppData\Roaming\burnaware.ini [2013-01-12 09:23:11 | 000,002,716 | ---- | M] () -- C:\Users\Domownik\.recently-used.xbel [2013-01-09 20:08:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-01-09 20:08:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-12 09:23:11 | 000,002,716 | ---- | C] () -- C:\Users\Domownik\.recently-used.xbel [2013-01-06 16:29:00 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012-10-02 21:02:36 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll [2012-10-02 21:02:35 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll [2012-10-02 21:02:35 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll [2012-10-02 21:02:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll [2012-10-02 21:02:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll [2012-10-02 21:02:32 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll [2012-09-30 17:46:40 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012-09-30 17:46:40 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012-09-28 14:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012-09-25 20:37:52 | 000,075,776 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\rbqt450.DLL [2012-09-25 20:37:52 | 000,065,024 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSPicturePlugin3542.dll [2012-09-25 20:37:52 | 000,064,512 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\rbap450.dll [2012-09-25 20:37:52 | 000,061,440 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSQTImporterPlugin3549.dll [2012-09-25 20:37:52 | 000,055,808 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSQuickTimePlugin3549.dll [2012-09-25 20:37:52 | 000,053,760 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSWinPlugin3544.dll [2012-09-25 20:37:52 | 000,052,224 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\EHZComp.dll [2012-09-25 20:37:52 | 000,048,640 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSResPlugin3542.dll [2012-09-25 20:37:52 | 000,044,032 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSMainPlugin3542.dll [2012-09-25 20:37:52 | 000,042,496 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSRegistryPlugin3544.dll [2012-09-25 20:37:52 | 000,041,472 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\RBShell400.dll [2012-09-25 20:37:52 | 000,037,888 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSPictureMacPlugin3552.dll [2012-09-25 20:37:52 | 000,036,352 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSFolderitemsPlugin3542.dll [2012-09-25 20:37:52 | 000,036,352 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSFolderitemsCreatePlugin3542.dll [2012-09-25 20:37:52 | 000,034,304 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSEncryptPlugin3543.dll [2012-09-25 20:37:52 | 000,033,792 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSIconPlugin3542.dll [2012-09-25 20:37:52 | 000,032,768 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSProcessPlugin3543.dll [2012-09-25 20:37:52 | 000,030,720 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSMemoryPlugin3542.dll [2012-09-25 20:37:52 | 000,029,696 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSMacOSXPlugin3545.dll [2012-09-25 20:37:52 | 000,029,184 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSRectPlugin3542.dll [2012-09-25 20:37:52 | 000,027,648 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSRegistrationPlugin3542.dll [2012-09-25 20:37:52 | 000,027,136 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSUsernamePlugin3541.dll [2012-09-25 20:37:52 | 000,026,112 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSResStreamPlugin3552.dll [2012-09-25 20:37:52 | 000,025,600 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\MBSVersionPlugin3581.dll [2012-09-25 20:37:52 | 000,019,968 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\EHMD5.dll [2012-09-25 20:37:52 | 000,018,432 | -H-- | C] () -- C:\Users\Domownik\AppData\Roaming\EHEncrypt.dll [2012-07-11 15:46:01 | 000,000,096 | ---- | C] () -- C:\Users\Domownik\AppData\Local\fusioncache.dat [2012-07-08 15:01:45 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012-07-08 15:01:44 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012-07-08 15:01:22 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012-06-18 20:32:53 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2012-06-18 20:32:53 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2012-05-23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012-05-02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012-02-15 03:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012-02-15 03:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012-01-03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\System32\abgx360.exe [2011-11-24 17:24:44 | 029,190,001 | ---- | C] () -- C:\Windows\System32\D3Studio [nfoto.com.pl]_nfotokreator_uninstaller.exe [2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011-09-26 18:46:37 | 001,072,128 | ---- | C] () -- C:\Users\Domownik\01192486.pot [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011-06-07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011-06-07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011-06-07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011-06-07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011-06-07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011-05-01 16:41:04 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011-05-01 16:41:03 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011-05-01 15:38:16 | 000,000,183 | ---- | C] () -- C:\Windows\7THLEVEL.INI [2011-04-16 09:32:18 | 000,000,577 | ---- | C] () -- C:\Users\Domownik\AppData\Roaming\burnaware.ini [2011-04-12 16:07:42 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI [2011-04-11 19:27:54 | 000,000,115 | ---- | C] () -- C:\Windows\kaillera.ini [2011-03-25 21:33:48 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011-03-25 21:33:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\ECFD5E5943.sys [2011-03-06 20:30:15 | 000,011,264 | ---- | C] () -- C:\Users\Domownik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-04 18:11:13 | 000,000,309 | ---- | C] () -- C:\Windows\disney.ini [2011-03-03 09:18:40 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011-03-02 19:28:39 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-03-02 19:21:09 | 000,000,600 | ---- | C] () -- C:\Users\Domownik\AppData\Roaming\winscp.rnd [2011-03-02 18:46:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-03-02 18:21:10 | 000,000,049 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini [2011-03-02 18:21:09 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2011-03-02 18:21:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2011-03-02 18:21:05 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini [2011-03-02 18:21:05 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini [2011-03-02 18:21:05 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini [2011-03-02 18:21:05 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini [2011-03-02 18:21:05 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini [2011-03-02 18:21:05 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini [2011-03-02 18:21:05 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini [2011-03-02 18:21:05 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini [2011-03-02 18:21:05 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini [2011-03-02 18:21:05 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini [2011-03-02 18:21:05 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini [2011-03-02 18:21:05 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini [2011-03-02 18:21:05 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini [2011-03-02 18:21:05 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini [2011-03-02 18:21:05 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini [2011-03-02 18:21:05 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini [2011-03-02 18:21:04 | 000,148,992 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll [2011-03-02 18:21:04 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini [2011-03-02 18:21:04 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini [2011-03-02 18:21:04 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini [2011-03-02 18:21:04 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini [2011-03-02 18:21:04 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini [2011-03-02 18:21:04 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini [2011-03-02 18:21:04 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini [2011-03-02 18:21:04 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini [2011-03-02 18:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-03-02 17:46:05 | 000,513,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-08-03 14:42:45 | 022,313,472 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-06-04 08:52:10 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 1234 bytes -> C:\Program Files\Common Files\microsoft shared:C89j2BSzANkzJjrsNpMjtHytY @Alternate Data Stream - 1222 bytes -> C:\ProgramData\Microsoft:6inkd0OFizOF4wX8akqXGyG6 @Alternate Data Stream - 1183 bytes -> C:\Users\Domownik\AppData\Local\0bBlquKUiTcLkC:iWMBNQ5wDvVJHUGGygATy6j @Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:eCdpITJfPZeQQ3nQbUZVj2fPcYxs6 < End of report >