OTL logfile created on: 2013-02-09 14:01:32 - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Piotrek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,21 Gb Available Physical Memory | 10,74% Memory free
3,85 Gb Paging File | 1,66 Gb Available in Paging File | 43,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 32,59 Gb Free Space | 30,34% Space Free | Partition Type: NTFS
Drive D: | 190,66 Gb Total Space | 101,06 Gb Free Space | 53,00% Space Free | Partition Type: NTFS

Computer Name: GOLDA-9D6C0CC18 | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-02-09 13:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotrek\Desktop\OTL.exe
PRC - [2013-01-24 12:52:00 | 002,074,256 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013-01-20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Piotrek\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013-01-18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012-11-08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012-11-08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012-10-05 13:30:36 | 000,876,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2012-10-05 13:30:36 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012-10-05 13:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012-09-28 13:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012-07-03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011-01-17 17:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 17:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008-04-14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-06 14:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2007-01-22 16:22:38 | 000,118,784 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2006-03-10 16:12:30 | 000,614,400 | ---- | M] (Ovislink Corp.) -- C:\Program Files\Ovislink\Common\TurboG-UI.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-01-24 12:52:00 | 002,074,256 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2013-01-18 09:07:02 | 012,459,472 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013-01-18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013-01-18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013-01-18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013-01-18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013-01-18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013-01-15 22:06:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013-01-10 15:57:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013-01-10 15:57:44 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013-01-10 15:57:21 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013-01-10 15:55:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013-01-10 15:55:51 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013-01-10 15:55:42 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013-01-10 15:54:53 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013-01-10 15:54:48 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012-10-05 13:30:40 | 001,299,664 | ---- | M] () -- C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
MOD - [2012-10-05 13:30:40 | 000,976,080 | ---- | M] () -- C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
MOD - [2012-10-05 13:30:38 | 008,024,784 | ---- | M] () -- C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
MOD - [2012-10-05 13:30:38 | 002,254,544 | ---- | M] () -- C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
MOD - [2012-09-06 06:42:50 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012-05-30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-05-30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-12-05 20:45:14 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-03-16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008-04-14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008-04-14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007-09-27 09:16:04 | 000,035,840 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\cryptapi.dll
MOD - [2007-09-06 14:08:03 | 000,053,248 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\Lang\ENU.dll
MOD - [2007-04-05 01:59:56 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\Plugins\Images\bw5mount.dll

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2013-01-24 12:52:00 | 002,074,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013-01-12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-01-08 21:56:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012-10-05 13:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012-09-28 13:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008-07-29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007-01-22 16:22:38 | 000,118,784 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Piotrek\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (add8gob0)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a35swtkk)
DRV - [2012-11-08 00:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012-11-08 00:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012-11-08 00:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012-08-17 13:44:38 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011-12-20 08:39:28 | 000,100,368 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011-12-06 04:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-04-03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009-12-08 20:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2007-03-15 01:57:00 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2007-03-15 01:55:00 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-03-15 01:54:00 | 000,062,592 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-03-01 16:27:26 | 004,484,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-01-22 16:23:20 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005-10-27 14:06:00 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rt61.sys -- (RT61)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://farmerama.bigpoint.com/?locale=pl&aid=0&utm_source=direct&utm_medium=(none)&utm_content=startpage&utm_campaign=farmerama
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

[2012-08-15 22:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotrek\Application Data\Mozilla\Firefox\extensions
[2012-08-15 22:24:00 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Piotrek\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

[color=#E56717]========== Chrome ==========[/color]
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Piotrek\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll

O1 HOSTS File: ([2012-11-01 01:23:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe (Ovislink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
O4 - Startup: C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Piotrek\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..Trusted Domains: http ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1614895754-682003330-1003\..Trusted Domains: mks.com.pl ([]http in Trusted sites)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D449D58-2AB0-475A-B5FF-F5D9FDDC2E5A}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D449D58-2AB0-475A-B5FF-F5D9FDDC2E5A}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6200E063-D490-49CD-91CF-4089D5F8E918}: NameServer =,
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Piotrek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piotrek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-08-15 12:59:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-02-09 13:59:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Piotrek\Desktop\OTL.exe
[2013-02-08 20:26:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-02-08 17:13:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013-02-08 16:20:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-02-08 16:20:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-02-08 16:20:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-02-08 16:20:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-02-08 16:03:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-02-08 16:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Desktop\Analiza 2
[2013-02-07 14:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Desktop\zloty zestaw
[2013-02-06 12:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Desktop\New Folder
[2013-02-01 16:13:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013-01-29 13:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Desktop\egzaminy
[2013-01-28 19:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Desktop\www.ii.uj.edu.pl
[2013-01-23 23:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\PCHealth
[2013-01-23 11:13:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013-01-23 11:13:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013-01-23 11:13:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013-01-23 11:13:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013-01-18 14:01:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-01-16 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013-01-16 19:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013-01-15 22:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\assembly
[2013-01-15 22:11:50 | 000,047,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-ReportServer-rsctr.dll
[2013-01-15 22:11:12 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll
[2013-01-15 22:11:01 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQLSERVER-sqlctr10.50.1600.1.dll
[2013-01-15 22:08:46 | 000,000,000 | ---D | C] -- C:\TampDB
[2013-01-15 22:08:46 | 000,000,000 | ---D | C] -- C:\Logs
[2013-01-15 22:08:46 | 000,000,000 | ---D | C] -- C:\Data
[2013-01-15 22:08:46 | 000,000,000 | ---D | C] -- C:\Backups
[2013-01-15 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\My Documents\SQL Server Management Studio
[2013-01-15 22:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\My Documents\Integration Services Script Component
[2013-01-15 22:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\My Documents\Integration Services Script Task
[2013-01-15 22:03:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2013-01-15 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013-01-15 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2013-01-15 21:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008
[2013-01-15 21:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\My Documents\Visual Studio 2005
[2013-01-15 21:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2013-01-15 20:45:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-01-15 18:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013-01-15 18:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013-01-15 16:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\Microsoft_Corporation
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-02-09 13:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotrek\Desktop\OTL.exe
[2013-02-09 13:55:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-02-09 13:44:10 | 000,066,964 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\zadania matematyka.jpg
[2013-02-09 13:28:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-02-09 13:23:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1614895754-682003330-1003UA.job
[2013-02-09 13:18:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-08 17:23:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1614895754-682003330-1003Core.job
[2013-02-08 16:16:49 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\Piotrek\Desktop\ComboFix.exe
[2013-02-08 01:09:11 | 000,116,518 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\Bazy_summary.pdf
[2013-02-07 21:51:41 | 009,142,464 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\Egz_z_odp.zip
[2013-02-07 14:58:25 | 004,325,122 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\zloty zestaw.rar
[2013-02-06 13:33:46 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Piotrek\Application Data\winscp.rnd
[2013-02-06 12:28:28 | 000,023,032 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\TO_Staz_ISDCeng2.pdf
[2013-02-05 23:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013-02-04 23:21:52 | 000,087,156 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\wyniki_kolokwium_poprawkowego.pdf
[2013-02-01 16:43:20 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013-02-01 16:30:41 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2013-01-29 11:50:40 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Piotrek\Application Data\Microsoft\Internet Explorer\Quick Launch\ALL Media Server.lnk
[2013-01-29 11:50:08 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\ALLPlayer.lnk
[2013-01-27 19:49:03 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-25 17:39:53 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013-01-24 20:48:22 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\Dropbox.lnk
[2013-01-24 20:48:10 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\Dropbox.lnk
[2013-01-23 11:25:16 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Piotrek\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013-01-23 11:25:16 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\Google Chrome.lnk [2013-01-20 20:50:53 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\PUTTY.RND [2013-01-20 17:09:32 | 000,088,570 | ---- | M] () -- C:\Documents and Settings\Piotrek\Desktop\przykladowy_egzamin.pdf [2013-01-15 22:12:50 | 000,600,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-01-15 22:12:50 | 000,127,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-01-15 18:45:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013-01-12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013-01-12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013-01-12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-02-09 13:44:09 | 000,066,964 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\zadania matematyka.jpg [2013-02-08 16:20:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013-02-08 16:20:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013-02-08 16:20:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013-02-08 16:20:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013-02-08 16:20:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013-02-08 01:09:11 | 000,116,518 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\Bazy_summary.pdf [2013-02-07 21:51:00 | 009,142,464 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\Egz_z_odp.zip [2013-02-07 
14:58:10 | 004,325,122 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\zloty zestaw.rar [2013-02-06 12:28:26 | 000,023,032 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\TO_Staz_ISDCeng2.pdf [2013-02-05 14:10:51 | 000,088,570 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\przykladowy_egzamin.pdf [2013-02-04 23:21:50 | 000,087,156 | ---- | C] () -- C:\Documents and Settings\Piotrek\Desktop\wyniki_kolokwium_poprawkowego.pdf [2013-02-01 16:30:35 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013-02-01 16:30:35 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AirLive Turbo-G Wireless Utility.lnk [2013-02-01 16:30:35 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-01 16:30:35 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2013-02-01 16:30:35 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Piotrek\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-01-29 11:50:40 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Piotrek\Application Data\Microsoft\Internet Explorer\Quick Launch\ALL Media Server.lnk [2013-01-16 00:11:43 | 000,164,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012-10-03 23:49:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\PUTTY.RND [2012-10-02 15:01:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Piotrek\Application Data\winscp.rnd [2012-08-18 02:09:55 | 002,314,530 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1614895754-682003330-1003-0.dat [2012-08-18 02:09:52 | 000,191,838 | ---- | C] 
() -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012-08-16 00:40:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-08-16 00:09:53 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-08-15 23:58:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Piotrek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-08-15 19:56:28 | 000,000,279 | ---- | C] () -- C:\WINDOWS\winlemm.ini [2012-08-15 19:34:39 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-08-15 19:34:39 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2012-08-15 14:47:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-08-15 14:44:19 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-08-15 14:00:12 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2012-08-15 14:00:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll [2012-08-15 14:00:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2661.bin [2012-08-15 14:00:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2561s.bin [2012-08-15 14:00:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2561.bin [2012-08-15 13:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-08-15 13:51:41 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012-08-15 13:51:41 | 000,608,507 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012-08-15 13:51:41 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012-08-15 13:39:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012-08-15 13:37:02 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012-08-15 13:01:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-08-15 12:57:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-12-05 21:04:00 | 
000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll [2011-12-05 21:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-08-15 13:50:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012-06-28 22:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-12-31 12:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012-08-15 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter [2012-10-21 23:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA [2012-10-21 22:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro [2012-08-15 16:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10 [2012-11-23 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012-09-04 
11:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator [2012-08-17 14:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions [2012-08-15 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012-10-21 22:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\DAEMON Tools Pro [2012-11-26 23:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\Dev-Cpp [2013-02-09 13:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\Dropbox [2012-10-29 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\e-academy Inc [2012-08-15 19:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\Gadu-Gadu 10 [2012-08-15 15:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\GHISLER [2012-09-04 11:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\JCreator [2012-08-15 23:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\NapiProjekt [2012-08-15 16:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\Notepad++ [2012-09-06 06:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\OpenOffice.org [2012-11-10 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\SystemRequirementsLab [2013-02-08 16:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Application Data\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >