OTL logfile created on: 2014-02-21 19:17:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Krzysiek\Moje dokumenty Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,50 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 64,21% Memory free 4,35 Gb Paging File | 3,91 Gb Available in Paging File | 89,94% Paging File free Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,41 Gb Total Space | 3,01 Gb Free Space | 12,31% Space Free | Partition Type: NTFS Drive D: | 78,13 Gb Total Space | 7,23 Gb Free Space | 9,25% Space Free | Partition Type: NTFS Drive E: | 46,50 Gb Total Space | 9,54 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Computer Name: STACJA | User Name: Krzysiek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-02-21 19:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\OTL.exe PRC - [2014-02-10 10:41:19 | 045,198,176 | ---- | M] (Opera Software) -- C:\Program Files\Opera\19.0.1326.63\opera.exe PRC - [2014-02-10 10:41:19 | 001,378,144 | ---- | M] () -- C:\Program Files\Opera\19.0.1326.63\opera_crashreporter.exe PRC - [2013-10-19 06:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe PRC - [2013-10-19 06:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe PRC - [2013-10-03 07:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-02-10 10:41:20 | 000,890,208 | ---- | M] () -- C:\Program Files\Opera\19.0.1326.63\ffmpegsumo.dll MOD - [2014-02-10 10:41:19 | 001,378,144 | ---- | M] () -- C:\Program Files\Opera\19.0.1326.63\opera_crashreporter.exe MOD - [2013-04-12 18:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\sqlite3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-10-19 06:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService) SRV - [2013-10-03 07:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2013-03-23 01:22:24 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie\vfd.sys -- (VirtualFD) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rkhdrv40) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\P2k.sys -- (P2k) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys -- (ESProtectionDriver) DRV - File not found [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp32.sys -- (cleanhlp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2014-02-13 19:42:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013-10-17 20:31:22 | 000,145,640 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2013-10-11 10:47:23 | 000,097,896 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PSINReg.sys -- (PSINReg) DRV - [2013-10-11 10:46:44 | 000,128,232 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt) DRV - [2013-10-11 10:46:43 | 000,115,048 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc) DRV - [2013-10-11 10:46:42 | 000,179,944 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2013-10-11 10:46:42 | 000,103,528 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile) DRV - [2013-07-16 13:14:12 | 005,480,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2013-05-29 04:55:11 | 000,230,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM) DRV - [2013-05-29 04:55:11 | 000,108,904 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP) DRV - [2013-05-29 04:55:11 | 000,093,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC) DRV - [2013-05-29 04:55:10 | 000,287,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT) DRV - [2013-05-29 04:55:10 | 000,161,384 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV) DRV - [2013-05-29 04:55:10 | 000,106,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3) DRV - [2013-05-29 04:55:09 | 000,124,648 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS) DRV - [2013-05-29 04:55:09 | 000,095,464 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC) DRV - [2013-05-29 04:55:09 | 000,052,328 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS) DRV - [2013-05-29 04:55:08 | 000,126,184 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP) DRV - [2013-05-29 04:55:08 | 000,107,752 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttps.sys -- (NNSHTTPS) DRV - [2013-05-29 04:55:08 | 000,084,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC) DRV - [2013-04-29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD) DRV - [2013-03-28 15:21:21 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2013-03-28 15:21:20 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2004-09-28 03:00:00 | 000,026,240 | ---- | M] (Totalidea Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RamDsk.sys -- (Ramdisk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\SearchScopes,DefaultScope = {7CBFE9B2-2E99-4429-9F87-75032938E3A5} IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\..\SearchScopes\{7CBFE9B2-2E99-4429-9F87-75032938E3A5}: "URL" = http://www.bing.com/search?q={searchTerms}&r=843 IE - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "http://www.google.pl" FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1 FF - prefs.js..network.proxy.ftp: "79.127.107.49:8080" FF - prefs.js..network.proxy.http: "121.100.28.18" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.socks: "79.127.107.49:8080" FF - prefs.js..network.proxy.ssl: "79.127.107.49:8080" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-05-21 17:31:24 | 000,000,000 | ---D | M] [2013-04-19 15:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2014-02-14 13:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\1ueh45es.default-1368547622890\extensions [2013-05-21 17:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014-02-14 13:09:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-05-18 05:48:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2014-02-14 11:59:45 | 000,450,622 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15470 more lines... O3 - HKLM\..\Toolbar: (no name) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found. O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files\Innovation\Innovation G-Laser Mouse\1.0\ACQTMAPP.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-2000478354-1532298954-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0 O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DA7F5FE-9FB9-4691-8A66-8240A035B7F5}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-25 12:09:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013-03-25 19:52:29 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-05-14 21:19:17 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2013-02-27 20:56:49 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-02-21 19:16:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\OTL.exe [2014-02-21 19:07:31 | 000,522,360 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\SPTDinst-v186-x86.exe [2014-02-21 19:03:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Recent [2014-02-20 23:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\FOXIT SOFTWARE [2014-02-18 18:17:27 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys [2014-02-16 12:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ice Age 2 [2014-02-16 12:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Sierra [2014-02-16 12:30:55 | 013,485,616 | ---- | C] (Disc Soft Ltd) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DTLite4481-0347.exe [2014-02-14 11:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2014-02-14 11:43:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\spybotsd162.exe [2014-02-13 19:45:13 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2014-02-13 19:45:13 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2014-02-13 19:42:30 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2014-01-31 19:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\XILS-lab [2014-01-29 16:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2014-01-28 20:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Waves [2014-01-27 22:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2014-01-24 19:18:10 | 000,026,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2014-01-24 18:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Motorola PST [2014-01-24 08:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\WIBU-SYSTEMS [2014-01-24 08:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola [2013-09-26 17:02:04 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-02-21 19:23:53 | 000,380,416 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\5hn0zb4v.exe [2014-02-21 19:21:30 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\SecurityCheck.exe [2014-02-21 19:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\OTL.exe [2014-02-21 19:09:22 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014-02-21 19:09:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014-02-21 19:07:37 | 000,522,360 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\SPTDinst-v186-x86.exe [2014-02-21 17:36:05 | 000,577,704 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2014-02-21 17:36:05 | 000,514,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014-02-21 17:36:05 | 000,116,292 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2014-02-21 17:36:05 | 000,093,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014-02-20 23:31:17 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk [2014-02-19 22:14:10 | 002,532,512 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\wierszyk.PDF [2014-02-17 07:50:04 | 003,618,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2014-02-16 23:41:15 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games (2012) [DVDRip XviD AC3-sav] [Lektor PL] (1).torrent [2014-02-16 23:41:01 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games (2012) [DVDRip XviD AC3-sav] [Lektor PL].torrent [2014-02-16 23:40:51 | 000,013,271 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games -2012- [BRRip.RMVB] [Lektor PL] [NeDZA].torrent [2014-02-16 22:26:07 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Skrót do prezentazcja.avi.lnk [2014-02-16 12:36:58 | 000,000,001 | ---- | M] () -- C:\DXOkay.bin [2014-02-16 12:34:19 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Graj w Epokę lodowcową 2 Odwilż.lnk [2014-02-16 12:31:09 | 013,485,616 | ---- | M] (Disc Soft Ltd) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DTLite4481-0347.exe [2014-02-16 11:52:28 | 000,044,775 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Epoka Lodowcowa 2 Odwilż PL.torrent [2014-02-16 11:49:43 | 000,017,831 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Epoka Lodowcowa 4 Wędrówka Kontynentów- Arktyczne Igrzyska (2012) [ENG] [SKIDROW] (1).torrent [2014-02-16 11:44:34 | 000,017,831 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Epoka Lodowcowa 4 Wędrówka Kontynentów- Arktyczne Igrzyska (2012) [ENG] [SKIDROW].torrent [2014-02-15 09:20:08 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2014-02-14 13:17:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2014-02-14 13:17:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2014-02-14 13:09:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2014-02-14 12:41:17 | 000,007,304 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\cc_20140214_124113.reg [2014-02-14 11:59:45 | 000,450,622 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2014-02-14 11:45:40 | 000,000,239 | -HS- | M] () -- C:\boot.ini [2014-02-14 11:44:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Krzysiek\Moje dokumenty\spybotsd162.exe [2014-02-13 19:42:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2014-02-10 20:12:01 | 000,129,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\2zyih5d.jpg [2014-02-06 04:38:34 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2014-02-06 00:08:32 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2014-02-06 00:08:32 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2014-02-06 00:08:32 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2014-02-06 00:08:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2014-02-06 00:08:32 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2014-02-06 00:08:32 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2014-02-06 00:08:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2014-02-06 00:08:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2014-02-06 00:08:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2014-02-06 00:08:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2014-02-06 00:08:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2014-02-06 00:08:31 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2014-02-06 00:08:31 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2014-02-06 00:08:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2014-02-06 00:08:31 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2014-02-06 00:08:31 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2014-02-06 00:08:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2014-02-06 00:08:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2014-02-06 00:08:31 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2014-02-06 00:08:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2014-02-06 00:08:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2014-02-06 00:08:31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2014-02-06 00:08:31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2014-02-06 00:08:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll [2014-02-06 00:08:31 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll [2014-02-06 00:08:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2014-02-06 00:08:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2014-02-06 00:08:31 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2014-02-06 00:08:31 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2014-02-05 23:29:26 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2014-02-05 23:29:26 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2014-02-05 23:29:19 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2014-02-02 16:14:54 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Skrót do szachy2001.exe.lnk [2014-01-31 19:32:41 | 000,036,202 | ---- | M] () -- C:\WINDOWS\unins001.dat [2014-01-31 19:32:18 | 000,715,152 | ---- | M] () -- C:\WINDOWS\unins001.exe [2014-01-29 16:52:54 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-02-21 19:23:52 | 000,380,416 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\5hn0zb4v.exe [2014-02-21 19:21:24 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\SecurityCheck.exe [2014-02-20 23:31:17 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk [2014-02-19 22:14:10 | 002,532,512 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\wierszyk.PDF [2014-02-17 07:49:24 | 003,618,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2014-02-16 23:41:15 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games (2012) [DVDRip XviD AC3-sav] [Lektor PL] (1).torrent [2014-02-16 23:41:01 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games (2012) [DVDRip XviD AC3-sav] [Lektor PL].torrent [2014-02-16 23:40:48 | 000,013,271 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Igrzyska śmierci - The Hunger Games -2012- [BRRip.RMVB] [Lektor PL] [NeDZA].torrent [2014-02-16 22:26:07 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Skrót do prezentazcja.avi.lnk [2014-02-16 12:36:56 | 000,000,001 | ---- | C] () -- C:\DXOkay.bin [2014-02-16 12:34:19 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Graj w Epokę lodowcową 2 Odwilż.lnk [2014-02-16 11:52:28 | 000,044,775 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Epoka Lodowcowa 2 Odwilż PL.torrent [2014-02-16 11:49:41 | 000,017,831 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Epoka Lodowcowa 4 Wędrówka Kontynentów- Arktyczne Igrzyska (2012) [ENG] [SKIDROW] (1).torrent [2014-02-16 11:44:32 | 000,017,831 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\[torrent.pl] Epoka Lodowcowa 4 Wędrówka Kontynentów- Arktyczne Igrzyska (2012) [ENG] [SKIDROW].torrent [2014-02-15 09:20:08 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2014-02-15 09:20:08 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk [2014-02-14 13:09:52 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2014-02-14 13:09:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2014-02-14 12:41:16 | 000,007,304 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\cc_20140214_124113.reg [2014-02-10 20:11:59 | 000,129,609 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\2zyih5d.jpg [2014-01-31 19:36:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\FxGoWinFu.dll [2014-01-31 19:32:35 | 000,715,152 | ---- | C] () -- C:\WINDOWS\unins001.exe [2014-01-31 19:32:35 | 000,036,202 | ---- | C] () -- C:\WINDOWS\unins001.dat [2014-01-29 16:52:54 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2013-12-29 23:08:20 | 000,003,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSfPa.dat [2013-12-29 23:08:12 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013-11-29 22:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PlugIn Enabler.INI [2013-11-24 14:17:35 | 000,371,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-2000478354-1532298954-725345543-1004-0.dat [2013-11-12 21:51:23 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2013-11-12 21:51:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2013-11-12 21:51:23 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [2013-11-12 21:51:14 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2013-11-02 10:30:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\AmigabitPowerboosterTrial.dll [2013-11-02 09:49:32 | 000,371,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2013-10-28 06:38:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2013-06-18 22:41:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\0x0304A000.sfl [2013-06-05 11:50:41 | 000,000,242 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2013-05-24 07:32:23 | 002,494,464 | ---- | C] () -- C:\WINDOWS\AF_Osc.dat [2013-05-18 06:31:20 | 000,073,133 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\1368855049.bdinstall.bin [2013-05-18 06:30:48 | 000,022,568 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\1368855041.bdinstall.bin [2013-05-17 18:24:08 | 000,157,213 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\1368811265.bdinstall.bin [2013-05-04 08:32:09 | 000,012,146 | ---- | C] () -- C:\Documents and Settings\Krzysiek\AVGIDSAgent [2013-04-18 17:27:48 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Win3944_ConfigDB.dlx [2013-04-18 17:27:48 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\System8638Conf Collection [2013-04-07 23:55:12 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2013-04-03 15:08:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\KillSwitch.INI [2013-04-03 15:06:28 | 000,001,638 | ---- | C] () -- C:\WINDOWS\cce.INI [2013-03-28 15:21:21 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2013-03-28 15:21:20 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2013-03-03 20:07:38 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\recently-used.xbel [2013-02-04 21:18:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\oodjobd.INI [2013-01-13 15:02:23 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2013-01-13 14:18:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-01-12 10:31:35 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013-01-12 10:10:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2013-01-12 10:10:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2013-01-12 10:10:55 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2013-01-11 06:35:07 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini [2013-01-09 19:39:36 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013-01-09 19:39:36 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013-01-09 19:39:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013-01-09 19:38:25 | 002,817,904 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2013-01-07 17:01:06 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PnkBstrK.sys [2013-01-03 17:04:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2012-12-25 22:01:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-12-25 21:05:42 | 000,217,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-12-25 17:14:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2012-12-25 15:07:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012-12-25 14:24:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-12-25 13:56:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2012-12-25 13:51:55 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012-12-25 12:59:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-12-25 12:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-12-25 12:07:22 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012-12-25 12:06:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\clbcatexx.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-12-26 09:56:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-11-09 12:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Amigabit [2013-07-07 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite [2013-11-02 16:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CheckPoint [2013-06-23 14:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-08-12 18:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\dingogames [2013-04-08 00:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\eLicenser [2013-12-14 11:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro [2013-03-04 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KSPlus [2013-03-29 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Licenses [2013-02-16 19:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MicroWorld [2013-03-22 18:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments [2013-11-09 15:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Orbit [2013-05-18 06:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Panda Security [2013-12-01 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst [2013-03-25 20:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI [2013-11-02 09:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Razer [2013-12-14 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM [2013-07-25 22:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe [2013-12-08 13:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Steam [2013-04-07 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Syncrosoft [2013-11-03 16:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2014-01-31 19:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XILS-lab [2014-02-04 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\25Assist [2013-02-25 16:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ambient Design [2013-06-21 22:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Antares [2013-11-02 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Audacity [2013-02-24 02:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BTDongle [2013-11-02 16:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Check Point Software Technologies LTD [2014-02-16 22:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DAEMON Tools Lite [2013-02-28 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Daichi [2013-08-12 18:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\dingogames [2013-04-19 15:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DRPSu [2013-12-29 19:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Easeware [2013-07-18 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\ElevatedDiagnostics [2014-02-20 23:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Foxit Software [2014-02-21 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ice Age 2 [2013-02-13 19:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Image-Line [2013-12-14 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\ipla [2014-01-03 16:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\KoshyJohn.com [2013-01-04 10:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\LocalLow [2013-11-04 22:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\MPC-HC [2014-01-18 08:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\newnext.me [2014-01-06 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Opera Software [2013-07-09 22:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Orbit [2013-05-18 06:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Panda Security [2013-12-01 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PlayFirst [2013-06-18 20:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\ProgSense [2013-05-17 18:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\QuickScan [2014-02-13 19:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\rmi [2013-05-18 06:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Sony [2013-11-21 18:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Steinberg [2012-12-25 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TestApp [2013-03-02 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Unity [2014-02-21 19:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\uTorrent [2012-12-26 01:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Wargaming.net [2013-07-12 06:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Windows Search [2014-01-16 19:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\XBMC [2013-11-25 22:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Foxit Software [2013-05-17 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\QuickScan [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C43ED645 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 < End of report >