[code] OTS logfile created on: 2011-02-21 17:12:25 - Run 1 OTS by OldTimer - Version 3.1.41.4 Folder = C:\Users\Intel\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 61,06 Gb Total Space | 17,74 Gb Free Space | 29,05% Space Free | Partition Type: NTFS Drive D: | 87,89 Gb Total Space | 67,78 Gb Free Space | 77,12% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: INTEL-KOMPUTER Current User Name: Intel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Intel\Downloads\OTS.exe -> [2011-02-21 17:09:51 | 000,642,560 | ---- | M] (OldTimer Tools) volpanel.exe -> C:\Users\Intel\AppData\Roaming\VolPanel.exe -> [2011-02-19 10:02:56 | 000,335,872 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) bestplayer.exe -> C:\Users\Intel\Desktop\BESTplayer.exe -> [2011-01-20 07:59:02 | 001,093,632 | ---- | M] (Karol Winnicki) realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2011-01-20 07:37:17 | 000,180,269 | ---- | M] (RealNetworks, Inc.) utorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe -> [2011-01-20 07:27:49 | 000,395,640 | ---- | M] (BitTorrent, Inc.) gg.exe -> C:\Program Files\Gadu-Gadu 10\gg.exe -> [2010-12-16 06:19:28 | 012,984,928 | ---- | M] (GG Network S.A.) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) plugin-container.exe -> C:\Program Files\Mozilla Firefox\plugin-container.exe -> [2010-12-03 20:58:04 | 000,016,856 | ---- | M] (Mozilla Corporation) msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) atieclxx.exe -> C:\Windows\System32\atieclxx.exe -> [2010-11-26 03:54:28 | 000,393,216 | ---- | M] (AMD) atiesrxx.exe -> C:\Windows\System32\atiesrxx.exe -> [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) msmpeng.exe -> C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) dtlite.exe -> C:\Program Files\DAEMON Tools Lite\DTLite.exe -> [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) explorer.exe -> C:\Windows\explorer.exe -> [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) exproelauncher.exe -> C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe -> [2009-04-28 08:50:24 | 000,086,016 | ---- | M] (Nektra S.A.) [Modules - Safe List] ots.exe -> C:\Users\Intel\Downloads\OTS.exe -> [2011-02-21 17:09:51 | 000,642,560 | ---- | M] (OldTimer Tools) sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) sechost.dll -> C:\Windows\System32\sechost.dll -> [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) profapi.dll -> C:\Windows\System32\profapi.dll -> [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) devobj.dll -> C:\Windows\System32\devobj.dll -> [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (AMD External Events Utility) AMD External Events Utility [Auto | Running] -> C:\Windows\System32\atiesrxx.exe -> [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) (NisSrv) Inspekcja sieci firmy Microsoft [On_Demand | Stopped] -> C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2010-11-11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) (MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) (WwanSvc) Automatyczne konfigurowanie bezprzewodowej sieci WAN [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) (WbioSrvc) Usługa biometryczna systemu Windows [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) (Power) Zasilanie [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) (Themes) Kompozycje [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) (sppuinotify) Usługa powiadomień SPP [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) (RpcEptMapper) Program mapowania punktów końcowych wywołań RPC [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) (SensrSvc) Jasność adaptacyjna [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) (PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) (PNRPsvc) Protokół rozpoznawania nazw równorzędnych [On_Demand | Running] -> C:\Windows\System32\pnrpsvc.dll -> [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) (p2pimsvc) Menedżer tożsamości sieci równorzędnej [On_Demand | Running] -> C:\Windows\System32\pnrpsvc.dll -> [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) (HomeGroupProvider) Dostawca grupy domowej [On_Demand | Running] -> C:\Windows\System32\provsvc.dll -> [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) (PNRPAutoReg) Usługa publikowania nazw komputerów PNRP [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Disabled | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) (HomeGroupListener) Usługa nasłuchująca grup domowych [On_Demand | Running] -> C:\Windows\System32\ListSvc.dll -> [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) (FontCache) Usług systemu Windows buforowania czcionek [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) (Dhcp) Klient DHCP [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) (defragsvc) Defragmentator dysków [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) (BDESVC) Usługa szyfrowania dysków funkcją BitLocker [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) (AxInstSV) Instalator formantów ActiveX (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) (AppIDSvc) Tożsamość aplikacji [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) (sppsvc) Ochrona oprogramowania [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (MpKsl672d9fb7) MpKsl672d9fb7 [Kernel | System | Running] -> C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B2675EB-B623-4AC0-9A8F-62A7FD1E5DC8}\MpKsl672d9fb7.sys -> [2011-02-21 15:12:38 | 000,028,752 | ---- | M] (Microsoft Corporation) (sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2011-01-19 16:46:13 | 000,691,696 | ---- | M] () (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2010-12-30 11:59:18 | 003,351,208 | ---- | M] (Realtek Semiconductor Corp.) (amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) (amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmpag.sys -> [2010-11-26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) (AtiHDAudioService) ATI Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AtihdW73.sys -> [2010-11-17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) (NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2010-10-24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) (MpNWMon) Microsoft Malware Protection Network Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2010-10-24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) (cmdide) cmdide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\cmdide.sys -> [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) (adpahci) adpahci [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpahci.sys -> [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) (adp94xx) adp94xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adp94xx.sys -> [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) (amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsbs.sys -> [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) (adpu320) adpu320 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpu320.sys -> [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arcsas.sys -> [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) (amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsata.sys -> [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) (arc) arc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arc.sys -> [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) (amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\amdxata.sys -> [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) (aliide) aliide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\aliide.sys -> [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) (nvstor) nvstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvstor.sys -> [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) (nvraid) nvraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvraid.sys -> [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nfrd960.sys -> [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) (LSI_SAS) LSI_SAS [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas.sys -> [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) (iaStorV) iaStorV [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iaStorV.sys -> [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) (MegaSR) MegaSR [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MegaSR.sys -> [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) (KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) (LSI_SCSI) LSI_SCSI [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_scsi.sys -> [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) (LSI_FC) LSI_FC [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_fc.sys -> [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) (LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas2.sys -> [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) (iirsp) iirsp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iirsp.sys -> [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) (megasas) megasas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\megasas.sys -> [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) (hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) (elxstor) elxstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\elxstor.sys -> [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) (aic78xx) aic78xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\djsvs.sys -> [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) (HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HpSAMD.sys -> [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) (FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) (vsmraid) vsmraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vsmraid.sys -> [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) (vmbus) Magistrala maszyny wirtualnej [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vmbus.sys -> [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) (vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vhdmp.sys -> [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) (storflt) Sterownik filtru przyspieszania magistrali dyskowej maszyny wirtualnej [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vmstorfl.sys -> [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) (vdrvroot) Sterownik modułu wyliczającego dysku wirtualnego Microsoft [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vdrvroot.sys -> [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) (storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\storvsc.sys -> [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) (viaide) viaide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\viaide.sys -> [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) (ql2300) ql2300 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql2300.sys -> [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) (rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) (ql40xx) ql40xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql40xx.sys -> [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) (SiSRaid4) SiSRaid4 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\sisraid4.sys -> [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) (pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) (SiSRaid2) SiSRaid2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\SiSRaid2.sys -> [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) (stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\stexstor.sys -> [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) (CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\Brserid.sys -> [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) (rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\rdpbus.sys -> [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) (RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) (RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) (WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) (NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) (vwifibus) Sterownik wirtualnej magistrali WiFi [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) (1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\1394ohci.sys -> [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) (UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) (mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) (MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) (CompositeBus) Sterownik modułu wyliczającego magistrali kompozytowej [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CompositeBus.sys -> [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) (AppID) Sterownik AppID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\appid.sys -> [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) (scfilter) Sterownik filtru klas karty inteligentnej PnP [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) (s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vms3cap.sys -> [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) (VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\VMBusHID.sys -> [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) (discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) (AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\acpipmi.sys -> [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) (AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) (hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\hcw85cir.sys -> [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbMdm.sys -> [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbSer.sys -> [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrSerWdm.sys -> [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltLo.sys -> [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltUp.sys -> [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) (RTL8167) Sterownik Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rt86win7.sys -> [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) (b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) (ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\evbdx.sys -> [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) (b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\bxvbdx.sys -> [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) (SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\System32\drivers\scdemu.sys -> [2008-03-14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\] > -> -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\: Main\\"Start Page" -> http://www.qooqlle.com/ -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Intel\AppData\Roaming\Mozilla\FireFox\Profiles\jceikm04.default\prefs.js -> browser.search.openintab -> true -> browser.search.useDBForOrder -> true -> browser.startup.homepage -> "http://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official" -> extensions.enabledItems -> expressivo@expressivo.com:1.0 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 -> extensions.enabledItems -> engine@conduit.com:3.2.5.2 -> extensions.enabledItems -> {5c81f57f-3cf7-4785-b4ef-11ace31aec4f}:3.2.5.2 -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 -> extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 -> extensions.enabledItems -> {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 -> network.proxy.backup.ftp -> "127.0.0.1" -> network.proxy.backup.ftp_port -> 9666 -> network.proxy.backup.gopher -> "127.0.0.1" -> network.proxy.backup.gopher_port -> 9666 -> network.proxy.backup.socks -> "127.0.0.1" -> network.proxy.backup.socks_port -> 9666 -> network.proxy.backup.ssl -> "127.0.0.1" -> network.proxy.backup.ssl_port -> 9666 -> network.proxy.ftp -> "127.0.0.1" -> network.proxy.ftp_port -> 9666 -> network.proxy.gopher -> "127.0.0.1" -> network.proxy.gopher_port -> 9666 -> network.proxy.http -> "127.0.0.1" -> network.proxy.http_port -> 9666 -> network.proxy.share_proxy_settings -> true -> network.proxy.socks -> "127.0.0.1" -> network.proxy.socks_port -> 9666 -> network.proxy.ssl -> "127.0.0.1" -> network.proxy.ssl_port -> 9666 -> network.proxy.type -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011-02-19 23:48:37 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011-02-19 23:48:25 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Intel\AppData\Roaming\mozilla\Extensions -> [2011-02-19 23:48:49 | 000,000,000 | ---D | M] -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions -> [2011-02-21 15:15:58 | 000,000,000 | ---D | M] All-in-One Sidebar -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} -> [2011-02-21 15:15:53 | 000,000,000 | ---D | M] Bigpoint Games PL Community Toolbar -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f} -> [2011-02-21 15:08:14 | 000,000,000 | ---D | M] Adblock Plus -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2011-02-21 15:09:48 | 000,000,000 | ---D | M] "Tab Mix Plus" -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2011-02-21 15:15:53 | 000,000,000 | ---D | M] -> C:\Users\Intel\AppData\Roaming\mozilla\Firefox\Profiles\jceikm04.default\extensions\engine@conduit.com -> [2011-02-21 15:08:14 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> search.xml -> C:\Users\Intel\AppData\Roaming\Mozilla\FireFox\Profiles\jceikm04.default\searchplugins\search.xml -> [2011-02-21 15:01:51 | 000,001,860 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2011-02-21 15:15:58 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2011-01-21 12:14:09 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011-01-23 09:18:28 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011-02-16 20:50:38 | 000,000,000 | ---D | M] Expressivo Toolbar for Firefox -> C:\PROGRAM FILES\IVO\EXPRESSIVO\INTEGR\IH-FFOX -> [2011-01-31 12:03:11 | 000,000,000 | ---D | M] Conduit Engine -> C:\USERS\INTEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JCEIKM04.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM -> [2011-02-21 15:08:14 | 000,000,000 | ---D | M] < FireFox Components [Program Folders] > -> RadioWMPCore.dll -> C:\USERS\INTEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JCEIKM04.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM\components\RadioWMPCore.dll -> [2010-11-22 17:43:36 | 000,097,280 | ---- | M] () RadioWMPCoreGecko19.dll -> C:\USERS\INTEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JCEIKM04.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM\components\RadioWMPCoreGecko19.dll -> [2010-11-22 17:43:36 | 000,101,376 | ---- | M] () < HOSTS File > ([2009-06-10 22:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts -> Reset Hosts < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {85F685C3-20D9-4943-95E4-EB4224056C3F} [HKLM] -> C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll [Expressivo] -> [2008-09-19 13:19:16 | 000,352,256 | ---- | M] (IVO Software Sp. z o.o.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011-01-30 16:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) "MSC" -> C:\Program Files\Microsoft Security Client\msseces.exe ["C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) "Readar_sl" -> C:\Users\Intel\AppData\Roaming\Readar_sl.exe [%APPDATA%\Readar_sl.exe] -> [2011-02-19 10:02:55 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) "StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010-11-25 21:40:36 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) "TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2011-01-20 07:37:17 | 000,180,269 | ---- | M] (RealNetworks, Inc.) "TunesHelper" -> C:\ProgramData\TunesHelper.exe [%ALLUSERSPROFILE%\TunesHelper.exe] -> [2011-02-19 10:02:56 | 008,179,200 | RHS- | M] () "VolPanel32" -> C:\Users\Intel\AppData\Roaming\VolPanel.exe [%APPDATA%\VolPanel.exe] -> [2011-02-19 10:02:56 | 000,335,872 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) "Windows Defender" -> [] -> File not found < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009-07-14 02:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009-07-14 02:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\] > -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\DTLite.exe ["C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) "ExprOElauncher" -> C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe [C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe] -> [2009-04-28 08:50:24 | 000,086,016 | ---- | M] (Nektra S.A.) < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001] > -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoWindowsUpdate" -> [1] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\] > -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\] > -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3958584857-357473059-3986282115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {D2C70D3B-0552-4267-B2D2-063FF8169955}\\DhcpNameServer -> 192.168.0.1 (Karta Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009-07-14 02:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> pku2u -> C:\Windows\System32\pku2u.dll -> [2009-07-14 02:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Sterownik stacji dysków CD-ROM -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{e4db6b11-23e3-11e0-bff7-001d7da1aa1c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4db6b11-23e3-11e0-bff7-001d7da1aa1c}\shell \{e4db6b11-23e3-11e0-bff7-001d7da1aa1c}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4db6b11-23e3-11e0-bff7-001d7da1aa1c}\shell\AutoRun\command \{e4db6b11-23e3-11e0-bff7-001d7da1aa1c}\shell\AutoRun\command\\"" -> [L:\StartUp.exe] -> File not found \{e4db6b14-23e3-11e0-bff7-001d7da1aa1c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4db6b14-23e3-11e0-bff7-001d7da1aa1c}\shell \{e4db6b14-23e3-11e0-bff7-001d7da1aa1c}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4db6b14-23e3-11e0-bff7-001d7da1aa1c}\shell\AutoRun\command \{e4db6b14-23e3-11e0-bff7-001d7da1aa1c}\shell\AutoRun\command\\"" -> [M:\AUTORUN.EXE] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] Malwarebytes -> C:\Users\Intel\AppData\Roaming\Malwarebytes -> [2011-02-21 05:39:10 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011-02-21 05:39:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011-02-21 05:39:01 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011-02-21 05:38:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011-02-21 05:38:58 | 000,000,000 | ---D | C] Mozilla Firefox -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox -> [2011-02-19 23:48:29 | 000,000,000 | ---D | C] VolPanel.exe -> C:\Users\Intel\AppData\Roaming\VolPanel.exe -> [2011-02-19 10:02:56 | 000,335,872 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) Readar_sl.exe -> C:\Users\Intel\AppData\Roaming\Readar_sl.exe -> [2011-02-19 10:02:56 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) Java -> C:\Program Files\Common Files\Java -> [2011-02-16 20:50:50 | 000,000,000 | ---D | C] javaws.exe -> C:\Windows\System32\javaws.exe -> [2011-02-16 20:50:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) javaw.exe -> C:\Windows\System32\javaw.exe -> [2011-02-16 20:50:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) java.exe -> C:\Windows\System32\java.exe -> [2011-02-16 20:50:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) ivo -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ivo -> [2011-01-31 12:03:13 | 000,000,000 | ---D | C] Expressivo Podcasts -> C:\Users\Intel\Documents\Expressivo Podcasts -> [2011-01-31 12:03:08 | 000,000,000 | R--D | C] Expressivo Documents -> C:\Users\Intel\Documents\Expressivo Documents -> [2011-01-31 12:03:08 | 000,000,000 | R--D | C] ivo -> C:\Program Files\ivo -> [2011-01-31 12:03:08 | 000,000,000 | ---D | C] Expressivo -> C:\Users\Intel\AppData\Roaming\Expressivo -> [2011-01-31 12:03:08 | 000,000,000 | ---D | C] IVONA -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA -> [2011-01-31 12:00:12 | 000,000,000 | ---D | C] IVONA -> C:\Program Files\IVONA -> [2011-01-31 12:00:12 | 000,000,000 | ---D | C] IVONA_INST -> C:\Users\Intel\AppData\Local\IVONA_INST -> [2011-01-31 11:50:05 | 000,000,000 | ---D | C] 2011-01-28 -> C:\Users\Intel\Desktop\2011-01-28 -> [2011-01-28 10:06:28 | 000,000,000 | ---D | C] Pendulo Studios -> C:\ProgramData\Pendulo Studios -> [2011-01-24 11:02:22 | 000,000,000 | ---D | C] Pendulo Studios -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pendulo Studios -> [2011-01-24 10:35:07 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011-02-21 15:08:37 | 000,014,016 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011-02-21 15:08:37 | 000,014,016 | -H-- | M] () perfh015.dat -> C:\Windows\System32\perfh015.dat -> [2011-02-21 15:05:41 | 000,692,906 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011-02-21 15:05:41 | 000,611,996 | ---- | M] () perfc015.dat -> C:\Windows\System32\perfc015.dat -> [2011-02-21 15:05:41 | 000,133,432 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011-02-21 15:05:41 | 000,105,214 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011-02-21 15:01:29 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011-02-21 15:01:25 | 2414,731,264 | -HS- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011-02-21 05:39:02 | 000,001,067 | ---- | M] () Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2011-02-19 23:48:29 | 000,001,885 | ---- | M] () TunesHelper.exe -> C:\ProgramData\TunesHelper.exe -> [2011-02-19 10:02:56 | 008,179,200 | RHS- | M] () VolPanel.exe -> C:\Users\Intel\AppData\Roaming\VolPanel.exe -> [2011-02-19 10:02:56 | 000,335,872 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) Readar_sl.exe -> C:\Users\Intel\AppData\Roaming\Readar_sl.exe -> [2011-02-19 10:02:55 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011-02-12 22:15:54 | 000,001,989 | ---- | M] () javaws.exe -> C:\Windows\System32\javaws.exe -> [2011-02-02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) javaw.exe -> C:\Windows\System32\javaw.exe -> [2011-02-02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) java.exe -> C:\Windows\System32\java.exe -> [2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) deployJava1.dll -> C:\Windows\System32\deployJava1.dll -> [2011-02-02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) Uruchom grę.lnk -> C:\Users\Intel\Desktop\Uruchom grę.lnk -> [2011-01-25 09:03:03 | 000,000,897 | ---- | M] () GrayMatter — skrót.lnk -> C:\Users\Intel\Desktop\GrayMatter — skrót.lnk -> [2011-01-24 10:59:13 | 000,000,508 | ---- | M] () [Files - No Company Name] Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011-02-21 05:39:02 | 000,001,067 | ---- | C] () Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2011-02-19 23:48:29 | 000,001,885 | ---- | C] () TunesHelper.exe -> C:\ProgramData\TunesHelper.exe -> [2011-02-19 10:02:56 | 008,179,200 | RHS- | C] () Uruchom grę.lnk -> C:\Users\Intel\Desktop\Uruchom grę.lnk -> [2011-01-25 09:03:03 | 000,000,897 | ---- | C] () GrayMatter — skrót.lnk -> C:\Users\Intel\Desktop\GrayMatter — skrót.lnk -> [2011-01-24 10:59:13 | 000,000,508 | ---- | C] () cdplayer.ini -> C:\Windows\cdplayer.ini -> [2011-01-20 07:39:04 | 000,000,025 | ---- | C] () PnkBstrK.sys -> C:\Windows\System32\drivers\PnkBstrK.sys -> [2011-01-19 17:49:39 | 000,138,184 | ---- | C] () sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2011-01-19 16:46:13 | 000,691,696 | ---- | C] () ODBC.INI -> C:\Windows\ODBC.INI -> [2011-01-19 16:21:39 | 000,000,412 | ---- | C] () hpotscl1.dll -> C:\Windows\System32\hpotscl1.dll -> [2009-07-14 01:55:09 | 000,587,776 | ---- | C] () BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () xlive.dll.cat -> C:\Windows\System32\xlive.dll.cat -> [2008-10-22 05:29:06 | 000,173,550 | ---- | C] () OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () < End of report > [/code]