OTL logfile created on: 2013-10-03 02:22:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\wirusy Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,72% Memory free 4,20 Gb Paging File | 3,52 Gb Available in Paging File | 83,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 24,74 Gb Free Space | 42,22% Space Free | Partition Type: NTFS Drive D: | 90,32 Gb Total Space | 86,62 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Drive H: | 3,76 Gb Total Space | 0,30 Gb Free Space | 8,08% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-10-03 01:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\wirusy\OTL.exe PRC - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-01-04 18:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2010-07-19 18:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2010-07-19 18:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010-03-24 01:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe PRC - [2010-03-24 01:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe PRC - [2010-03-10 00:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2010-03-10 00:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe PRC - [2009-03-03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-06-11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2008-01-21 04:24:41 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-08-08 15:35:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-01-04 18:28:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010-07-19 18:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010-07-19 18:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010-03-24 01:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010-03-24 01:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010-03-10 00:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe -- (STacSV) SRV - [2009-03-03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe -- (AESTFilters) SRV - [2008-01-21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2011-03-23 17:05:24 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) DRV - [2011-01-05 21:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2010-11-26 00:42:46 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-11-26 00:42:44 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010-11-26 00:42:44 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-11-26 00:42:44 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010-07-14 05:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) DRV - [2010-05-12 23:05:18 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-03-10 00:56:02 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009-11-03 18:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2009-11-03 18:40:42 | 000,012,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ccidflt.sys -- (CCIDFILTER) DRV - [2008-11-06 00:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008-06-04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV) DRV - [2008-01-21 04:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_plPL459 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-08-08 15:35:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012-09-20 12:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Chrome In-App Payments service = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013-10-03 02:16:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Savensharee) - {670BA3DF-57B2-1B12-10E5-BBCB35590E6B} - C:\ProgramData\Savensharee\9asrfx.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe () O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.116.104.104 217.116.100.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E966D6C-1411-4965-B870-FCB1B5301FB1}: DhcpNameServer = 79.163.127.70 217.116.100.65 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3D57107-74A2-480E-8FEC-C3723DDBDDA9}: DhcpNameServer = 192.168.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA17342A-C7DA-41D0-BDD7-C813D1787E8B}: NameServer = 192.168.1.1,192.168.1.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2DA50DB-4FCA-421C-BF2A-BC7E37843C6D}: DhcpNameServer = 217.116.104.104 217.116.100.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC0B33F4-099B-4D39-9D50-90B47DF1FB63}: DhcpNameServer = 217.116.104.104 217.116.100.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013-03-17 16:52:00 | 000,049,518 | ---- | M] () - H:\autoruns.chm -- [ FAT32 ] O32 - AutoRun File - [2013-09-13 12:33:48 | 000,550,371 | ---- | M] () - H:\Autoruns.zip -- [ FAT32 ] O32 - AutoRun File - [2013-07-31 13:08:00 | 000,661,184 | ---- | M] (Sysinternals - www.sysinternals.com) - H:\autoruns.exe -- [ FAT32 ] O32 - AutoRun File - [2013-07-31 13:08:00 | 000,579,264 | ---- | M] (Sysinternals - www.sysinternals.com) - H:\autorunsc.exe -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk /p \??\I:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-10-03 02:21:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013-10-03 02:16:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013-10-03 02:15:04 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp [2013-10-03 02:05:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013-10-03 02:05:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013-10-03 02:05:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013-10-03 02:05:06 | 000,000,000 | ---D | C] -- C:\ComboFix [2013-10-02 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro [2013-09-17 17:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Savensharee [2013-09-17 16:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft [2013-09-17 16:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013-09-13 13:11:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2013-09-13 13:10:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013-09-10 13:06:26 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\warzywa [2013-09-03 09:52:31 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\kopp [2013-06-08 13:10:52 | 087,104,095 | ---- | C] (SANKOM Sp. z o.o. ) -- C:\Program Files\setupozc.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-10-03 02:16:29 | 000,031,877 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013-10-03 02:16:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013-10-03 02:16:14 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013-10-03 02:16:14 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013-10-03 02:16:11 | 000,031,877 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013-10-03 02:16:08 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-10-03 02:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-10-03 02:15:52 | 2134,818,816 | -HS- | M] () -- C:\hiberfil.sys [2013-10-03 01:52:00 | 000,001,614 | ---- | M] () -- C:\Users\admin\Desktop\Antivirus Security Pro.lnk [2013-10-03 01:52:00 | 000,000,118 | ---- | M] () -- C:\Users\admin\Desktop\Antivirus Security Pro support.url [2013-10-03 01:45:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000UA.job [2013-10-03 01:30:11 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-10-02 10:45:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000Core.job [2013-10-01 14:38:36 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013-10-01 08:28:37 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob [2013-09-29 16:11:17 | 000,662,112 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-09-29 16:11:17 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-09-29 16:11:17 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-09-29 16:11:17 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-09-27 21:34:50 | 000,070,656 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-09-21 11:05:40 | 000,002,042 | ---- | M] () -- C:\Users\admin\Desktop\Google Chrome.lnk [2013-09-15 12:56:46 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat [2013-09-14 14:41:21 | 000,197,215 | ---- | M] () -- C:\Users\admin\Desktop\MUZEUM-PRYWATNE_e-form_projekt_v1.pdf [2013-09-13 13:06:55 | 000,000,004 | ---- | M] () -- C:\Users\admin\AppData\Roaming\settings.ini [2013-09-12 11:34:15 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-10-03 02:05:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013-10-03 02:05:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013-10-03 02:05:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013-10-03 02:05:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013-10-03 02:05:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013-10-03 00:56:00 | 2134,818,816 | -HS- | C] () -- C:\hiberfil.sys [2013-10-02 23:29:12 | 000,001,614 | ---- | C] () -- C:\Users\admin\Desktop\Antivirus Security Pro.lnk [2013-10-02 23:29:12 | 000,000,118 | ---- | C] () -- C:\Users\admin\Desktop\Antivirus Security Pro support.url [2013-09-13 11:41:23 | 000,000,004 | ---- | C] () -- C:\Users\admin\AppData\Roaming\settings.ini [2013-09-12 11:15:38 | 000,197,215 | ---- | C] () -- C:\Users\admin\Desktop\MUZEUM-PRYWATNE_e-form_projekt_v1.pdf [2013-04-12 22:34:14 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013-04-12 22:34:14 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012-11-03 01:17:41 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-12-29 00:17:35 | 000,070,656 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-11-30 16:23:36 | 000,000,272 | ---- | C] () -- C:\Users\admin\AppData\Roaming\.backup.dm [2011-11-15 15:25:34 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll [2011-11-15 15:25:34 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll [2011-11-15 15:21:44 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2011-11-15 15:00:22 | 000,031,877 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011-11-15 15:00:20 | 000,031,877 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011-11-15 14:44:46 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2011-11-15 14:44:46 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2011-11-15 14:44:46 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll [2011-11-15 14:44:46 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2011-11-15 14:44:46 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll [2011-11-15 14:44:46 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe [2011-11-15 14:44:46 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe [2011-11-15 14:44:46 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe [2011-11-15 10:26:04 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-01-21 04:24:29 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >