OTL logfile created on: 2014-03-27 13:51:50 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laciaty\Desktop\Pobr 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,32% Memory free 7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,78% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 75,04 Gb Total Space | 11,68 Gb Free Space | 15,57% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 1,48 Gb Free Space | 0,76% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 2,85 Gb Free Space | 1,46% Space Free | Partition Type: NTFS Drive K: | 100,00 Mb Total Space | 65,48 Mb Free Space | 65,48% Space Free | Partition Type: NTFS Computer Name: LACIATY-PC | User Name: Laciaty | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-03-27 09:05:24 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Laciaty\Desktop\Pobr\OTH.exe PRC - [2014-03-26 22:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laciaty\Desktop\Pobr\otl.exe PRC - [2014-03-04 12:43:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2013-10-18 02:34:26 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013-10-15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013-09-20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013-09-13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-10-18 02:35:48 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014-03-04 12:43:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014-02-23 12:48:37 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013-12-05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-11-06 18:30:44 | 000,758,224 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | 
M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-10-23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013-10-18 02:34:26 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-01-17 09:11:16 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:[b]64bit:[/b] - [2013-10-28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2013-10-28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2013-09-30 16:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:[b]64bit:[/b] - [2013-09-30 16:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:[b]64bit:[/b] - [2013-09-28 00:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2013-01-16 17:54:04 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA) DRV:[b]64bit:[/b] - [2010-01-22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2010-01-22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2009-10-21 04:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:[b]64bit:[/b] - [2009-07-16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-12-26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 A5 65 76 B2 E2 CE 01 [binary data] IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\..\SearchScopes,DefaultScope = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014-01-26 21:40:58 | 000,000,000 | ---D | M] [2013-12-23 15:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laciaty\AppData\Roaming\mozilla\Extensions [2013-12-23 15:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-12-23 15:51:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2014-03-26 21:44:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) 
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000..\Run: [Bloody2] C:\Program Files (x86)\Bloody2\Bloody2\Bloody2.exe () O4 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:[b]64bit:[/b] - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-21-1677957099-4081012278-1826052583-1001\..Trusted Domains: sony.com ([]* in ) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A11FF9-AEFC-49C1-8FF7-58EF48C5BF5D}: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{875E1482-CFC4-4B23-9023-63E72DD109CC}: DhcpNameServer = 7.254.254.254 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-03-26 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Documents\logs [2014-03-26 21:46:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014-03-23 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Desktop\Nowy folder (2) [2014-03-22 19:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor [2014-03-22 19:50:00 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor [2014-03-22 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Editor [2014-03-22 19:49:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2014-03-22 19:49:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2014-03-20 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II [2014-03-20 21:24:12 | 000,106,496 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2014-03-20 21:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II [2014-03-18 18:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2014-03-15 13:47:34 | 000,000,000 | ---D | C] -- 
C:\Users\Laciaty\Documents\DayZ [2014-03-15 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Local\DayZ [2014-03-14 20:39:53 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Desktop\Pobr [2014-03-14 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV [2014-03-14 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Roaming\New Technology Studio [2014-03-14 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Local\New Technology Studio [2014-03-14 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Documents\Rockstar Games [2014-03-14 20:27:49 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Local\Rockstar Games [2014-03-14 17:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games [2014-03-12 15:57:42 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Documents\NBGI [2014-03-12 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\AppData\Local\NBGI [2014-03-04 11:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2014-03-03 13:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Totem Shared [2014-03-03 13:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtuaGirl 2 [2014-03-03 10:01:47 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Documents\MercurySteam [2014-03-01 22:48:19 | 000,000,000 | ---D | C] -- C:\Users\Laciaty\Documents\Thief [1 C:\Users\Laciaty\Desktop\*.tmp files -> C:\Users\Laciaty\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-03-27 13:51:27 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-03-27 13:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-03-27 13:49:53 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys [2014-03-27 09:25:25 | 000,014,032 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-03-27 09:25:25 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-03-27 09:01:25 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-03-26 21:44:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2014-03-26 16:42:36 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140326-164804.backup [2014-03-25 16:14:24 | 000,000,115 | ---- | M] () -- C:\Users\Laciaty\Desktop\mTA.url [2014-03-25 15:43:30 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140326-164236.backup [2014-03-24 22:58:37 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140325-154330.backup [2014-03-24 16:04:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-03-24 16:04:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-03-22 19:49:52 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2014-03-22 19:49:51 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2014-03-22 16:51:51 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140324-225837.backup [2014-03-22 13:53:27 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140322-165151.backup [2014-03-20 21:35:52 | 000,026,506 | ---- | M] () -- C:\Windows\DIIUnin.dat [2014-03-20 21:24:12 | 000,106,496 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2014-03-20 21:24:12 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif [2014-03-20 15:00:56 | 000,000,005 | ---- | M] () -- C:\Windows\treeskp.sys [2014-03-20 15:00:56 | 000,000,005 | ---- | M] () -- C:\Windows\sbacknt.bin [2014-03-20 14:49:09 | 000,450,709 | R--- | M] () -- 
C:\Windows\SysNative\drivers\etc\hosts.20140322-135327.backup [2014-03-18 19:49:15 | 000,002,114 | ---- | M] () -- C:\Users\Laciaty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2014-03-18 13:57:24 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140320-144909.backup [2014-03-17 15:18:00 | 001,666,088 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-03-17 15:18:00 | 000,738,970 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-03-17 15:18:00 | 000,661,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-03-17 15:18:00 | 000,155,080 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-03-17 15:18:00 | 000,121,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-03-16 19:49:08 | 000,000,588 | ---- | M] () -- C:\Users\Laciaty\Desktop\Neverwinter.lnk [2014-03-15 15:58:15 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2014-03-15 15:58:15 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014-03-14 19:53:37 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Episodes From Liberty City.lnk [2014-03-14 19:53:37 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EFLC (áåç ïàðàìåòðîâ).lnk [2014-03-14 17:46:41 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2014-03-14 17:46:41 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\GTA IV (áåç ïàðàìåòðîâ).lnk [2014-03-13 11:31:01 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140318-135724.backup [2014-03-13 09:51:21 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2014-03-11 21:58:23 | 000,000,705 | ---- | M] () -- C:\Users\Laciaty\Desktop\Enemy Territory.lnk [2014-03-08 22:58:55 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140313-113101.backup [2014-03-06 16:48:16 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140308-225855.backup [2014-03-05 
18:04:42 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140306-164816.backup [2014-03-05 17:59:20 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140305-180442.backup [2014-03-05 17:58:29 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140305-175920.backup [2014-03-04 12:43:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014-03-04 11:56:48 | 000,000,383 | ---- | M] () -- C:\Users\Public\Desktop\COD4.lnk [2014-03-04 11:56:13 | 000,000,273 | ---- | M] () -- C:\Windows\game.ini [2014-03-04 11:44:31 | 000,000,855 | ---- | M] () -- C:\Users\Laciaty\Desktop\µTorrent.lnk [2014-03-04 11:44:31 | 000,000,835 | ---- | M] () -- C:\Users\Laciaty\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2014-03-03 23:26:38 | 000,000,800 | ---- | M] () -- C:\Windows\Cm108.ini.imi [2014-03-03 13:08:06 | 000,000,004 | ---- | M] () -- C:\Windows\info147.sys [2014-03-03 10:01:21 | 000,000,549 | ---- | M] () -- C:\Users\Public\Desktop\Castlevania Lords of Shadow 2.lnk [2014-02-28 15:23:26 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-02-27 14:20:23 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140305-175829.backup [2014-02-27 14:19:45 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140227-142023.backup [2014-02-26 08:24:42 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140227-141945.backup [1 C:\Users\Laciaty\Desktop\*.tmp files -> C:\Users\Laciaty\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-03-25 16:14:05 | 000,000,115 | ---- | C] () -- C:\Users\Laciaty\Desktop\mTA.url [2014-03-20 21:24:13 | 000,026,506 | ---- | C] () -- C:\Windows\DIIUnin.dat [2014-03-20 21:24:12 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif [2014-03-16 19:49:08 | 000,000,588 | ---- | C] () -- C:\Users\Laciaty\Desktop\Neverwinter.lnk 
[2014-03-14 19:53:37 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Episodes From Liberty City.lnk
[2014-03-14 19:53:37 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EFLC (áåç ïàðàìåòðîâ).lnk
[2014-03-14 17:46:41 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2014-03-14 17:46:41 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\GTA IV (áåç ïàðàìåòðîâ).lnk
[2014-03-04 11:56:48 | 000,000,383 | ---- | C] () -- C:\Users\Public\Desktop\COD4.lnk
[2014-03-04 11:56:13 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2014-03-04 11:44:31 | 000,000,855 | ---- | C] () -- C:\Users\Laciaty\Desktop\µTorrent.lnk
[2014-03-04 11:44:31 | 000,000,835 | ---- | C] () -- C:\Users\Laciaty\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014-03-03 18:58:17 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2014-03-03 18:58:17 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
[2014-03-03 13:08:06 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2014-03-03 10:01:21 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\Castlevania Lords of Shadow 2.lnk
[2014-03-03 10:01:21 | 000,000,549 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castlevania Lords of Shadow 2.lnk
[2014-02-09 20:48:38 | 000,000,017 | ---- | C] () -- C:\Users\Laciaty\AppData\Local\resmon.resmoncfg
[2014-01-11 16:48:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014-01-11 16:48:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014-01-11 16:48:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014-01-11 16:48:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014-01-11 16:48:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-12-27 02:10:06 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013-12-21 22:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013-12-04 19:54:25 | 000,000,000 | -HS- | C] () -- C:\Users\Laciaty\AppData\Local\LumaEmu
[2013-11-18 22:35:06 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-11-18 22:35:06 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013-11-17 15:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2013-11-17 15:43:29 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013-11-17 15:43:00 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2013-11-17 15:43:00 | 000,000,800 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013-11-17 15:42:58 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini
[2013-11-17 15:38:55 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-11-17 15:38:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-11-16 11:07:40 | 001,645,366 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-11-16 11:02:31 | 000,018,184 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013-11-16 11:02:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-09-07 18:13:26 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-09-07 18:13:26 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2014-01-28 17:08:37 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\.minecraft
[2014-01-18 23:38:49 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\.minecraft - Kopia
[2014-01-18 23:37:24 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\1.minecraft
[2014-01-26 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\AC3Filter
[2014-02-12 16:14:19 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Aeria Games & Entertainment
[2014-03-08 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Audacity
[2014-01-26 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\AVG
[2014-02-10 19:20:13 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Awesomium
[2014-03-20 22:29:17 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\DAEMON Tools Lite
[2014-01-26 21:41:12 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\DVDVideoSoft
[2014-03-27 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\foobar2000
[2014-02-24 21:09:09 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\library_dir
[2013-11-17 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\LolClient
[2013-11-18 22:35:54 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\NapiProjekt
[2014-01-03 23:52:17 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Natural Selection 2
[2014-03-14 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\New Technology Studio
[2013-11-17 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\OpenOffice.org
[2013-11-17 15:38:00 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Origin
[2014-02-26 22:15:10 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Raptr
[2013-11-17 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\RIFT
[2014-02-13 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\StunlockStudios
[2013-06-25 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Thunderbird
[2014-01-18 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Tibia
[2014-01-25 14:14:28 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Tlen.pl
[2014-03-26 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\TS3Client
[2014-03-20 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\Tunngle
[2014-03-26 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Laciaty\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT

< End of report >