OTL logfile created on: 2011-08-03 15:05:34 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\P1r4t\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,51% Memory free
8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 88,40 Gb Total Space | 3,92 Gb Free Space | 4,43% Space Free | Partition Type: NTFS
Drive D: | 84,90 Gb Total Space | 5,70 Gb Free Space | 6,71% Space Free | Partition Type: NTFS

Computer Name: P1R4T-ACER | User Name: P1r4t | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-08-03 01:44:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\P1r4t\Desktop\OTL.exe
PRC - [2011-08-02 22:36:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011-07-06 11:21:26 | 003,788,704 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011-07-06 11:21:10 | 002,341,288 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2011-07-06 11:20:48 | 002,384,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011-07-06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011-07-06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011-07-06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011-06-28 13:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-06-28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-06-01 15:14:56 | 013,349,472 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2011-03-18 17:50:58 | 007,691,128 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011-03-18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010-07-16 18:23:30 | 006,638,080 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
PRC - [2010-06-09 16:15:34 | 000,417,906 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
PRC - [2009-08-24 16:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009-07-08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-08-03 01:44:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\P1r4t\Desktop\OTL.exe
MOD - [2011-07-06 11:20:08 | 000,280,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll
MOD - [2010-11-20 14:21:35 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2010-11-20 14:18:24 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credui.dll
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-07-14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:[b]64bit:[/b] - [2009-07-01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-07-06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011-07-06 11:20:02 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011-07-06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011-07-06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011-06-28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-03-18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-10-17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010-07-16 18:23:30 | 006,638,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-04-30 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007-05-31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011-07-11 10:52:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011-06-20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:[b]64bit:[/b] - [2011-05-15 20:25:06 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2011-05-15 20:25:05 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - [2011-04-03 02:16:19 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-02-22 22:14:18 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009-07-07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:[b]64bit:[/b] - [2009-07-07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:[b]64bit:[/b] - [2009-07-02 04:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2009-07-02 04:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2009-07-02 04:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2009-06-25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009-06-25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2009-06-25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2009-06-24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-06 03:29:14 | 000,032,256 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA310USB.sys -- (A310)
DRV:[b]64bit:[/b] - [2009-05-06 03:29:08 | 000,055,296 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV:[b]64bit:[/b] - [2009-04-30 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:[b]64bit:[/b] - [2009-04-08 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2009-02-13 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:[b]64bit:[/b] - [2009-02-13 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:[b]64bit:[/b] - [2009-02-13 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:[b]64bit:[/b] - [2006-06-18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011-07-10 21:44:04 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011-07-06 11:20:14 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2008-01-24 20:25:22 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: mozrepl@hyperstruct.net:1.1beta2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@ganymede/NAVY,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\NAVY\NPNAVY.dll (Ganymede Technologies)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6\components [2011-01-09 01:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6\plugins [2011-06-22 13:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011-08-02 22:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2011-07-10 16:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011-07-21 17:09:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-05-09 01:19:08 | 000,000,000 | ---D | M]

[2011-01-09 01:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Extensions
[2010-12-29 17:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-08-01 23:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Firefox\Profiles\30o56401.default\extensions
[2011-07-17 03:54:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Firefox\Profiles\30o56401.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011-08-01 23:07:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Firefox\Profiles\30o56401.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-05-11 23:13:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Firefox\Profiles\30o56401.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011-02-01 00:47:16 | 000,000,000 | ---D | M] (MozRepl) -- C:\Users\P1r4t\AppData\Roaming\mozilla\Firefox\Profiles\30o56401.default\extensions\mozrepl@hyperstruct.net
File not found (No name found) --
() (No name found) -- C:\USERS\P1R4T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30O56401.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\P1R4T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30O56401.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\P1R4T\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30O56401.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000..\Run: [Memory Improve Professional] C:\Program Files (x86)\Memory Improve Professional\MemoryImproveProfessional.exe (Memory Solution Studio)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8:[b]64bit:[/b] - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3936095836-3497781262-1210350830-1000\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-04-06 17:24:39 | 000,060,327 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{8f251226-3ad9-11e0-96dd-001b2466952c}\Shell - "" = AutoRun
O33 - MountPoints2\{8f251226-3ad9-11e0-96dd-001b2466952c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2020-07-08 12:52:24 | 000,000,000 | ---D | C] -- C:\wms
[2011-08-03 02:27:16 | 000,000,000 | ---D | C] -- C:\Users\P1r4t\Desktop\logi
[2011-08-03 01:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011-08-03 01:45:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-08-03 01:44:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\P1r4t\Desktop\OTL.exe
[2011-07-30 08:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011-07-30 08:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011-07-29 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\P1r4t\Desktop\NMP
[2011-07-28 20:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pure Networks
[2011-07-28 20:29:26 | 000,033,328 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\SysNative\drivers\pnarp.sys
[2011-07-28 20:29:16 | 000,035,376 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\SysNative\drivers\purendis.sys
[2011-07-28 20:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pure Networks Shared
[2011-07-28 20:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2011-07-28 20:26:22 | 014,755,112 | ---- | C] (Cisco Systems, Inc.) -- C:\Users\P1r4t\Desktop\nmsetup.exe
[2011-07-17 03:44:48 | 000,000,000 | ---D | C] -- C:\Users\P1r4t\Application Data
[2011-07-14 11:44:47 | 000,000,000 | ---D | C] -- C:\Users\P1r4t\Desktop\bankowo
[2011-07-11 10:58:46 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011-07-11 10:52:54 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011-07-11 10:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011-07-11 10:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011-07-11 10:20:57 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2011-07-11 10:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011-07-11 10:18:12 | 042,147,760 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\P1r4t\Desktop\spybotsd-2.0.4-beta2.exe
[2011-07-11 01:29:55 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Users\P1r4t\Desktop\cwshredder.exe
[2011-07-10 21:44:04 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011-07-10 21:41:37 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011-07-10 21:41:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011-07-10 21:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011-07-10 21:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011-07-10 21:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011-07-10 21:31:36 | 000,000,000 | ---D | C] -- C:\Users\P1r4t\Desktop\Ad-Aware_Anniversary_Pro_8.2.2_ENG_Portable

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2020-07-08 12:31:06 | 018,530,624 | ---- | M] () -- C:\Users\P1r4t\Desktop\setup_ws.exe
[2011-08-03 15:08:01 | 004,980,736 | -HS- | M] () -- C:\Users\P1r4t\NTUSER.DAT
[2011-08-03 15:07:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-03 15:06:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-03 15:06:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-03 06:13:09 | 001,565,811 | -H-- | M] () -- C:\Users\P1r4t\AppData\Local\IconCache.db
[2011-08-03 02:04:15 | 000,001,895 | ---- | M] () -- C:\Users\P1r4t\Desktop\AD-R.lnk
[2011-08-03 02:02:25 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011-08-03 02:02:25 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011-08-03 02:00:24 | 000,109,936 | ---- | M] () -- C:\Users\P1r4t\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-08-03 01:44:52 | 000,579,584 | ---- | M]
(OldTimer Tools) -- C:\Users\P1r4t\Desktop\OTL.exe [2011-07-31 18:48:06 | 000,700,628 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-07-31 18:48:06 | 000,618,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-07-31 18:48:06 | 000,136,590 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-07-31 18:48:06 | 000,107,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-07-31 18:48:05 | 001,558,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-07-30 08:08:39 | 000,179,484 | ---- | M] () -- C:\Windows\hpoins46.dat [2011-07-30 08:07:28 | 070,358,040 | ---- | M] () -- C:\Users\P1r4t\Desktop\DJ_AIO_06_F4500_USW_Basic_Win_plk_140_175.exe [2011-07-29 23:58:30 | 027,870,282 | ---- | M] () -- C:\Users\P1r4t\Desktop\NMP.zip [2011-07-28 20:43:24 | 005,228,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-07-28 20:30:07 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk [2011-07-28 20:26:35 | 014,755,112 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Users\P1r4t\Desktop\nmsetup.exe [2011-07-21 17:24:19 | 000,439,013 | ---- | M] () -- C:\Users\P1r4t\Desktop\thunderbird_conversations-2.0.7-tb.xpi [2011-07-21 12:24:56 | 000,007,009 | ---- | M] () -- C:\Users\P1r4t\Desktop\channel_list_LE40C650_1001_wersja_firmware_3003.zip [2011-07-21 12:04:08 | 000,187,411 | ---- | M] () -- C:\Users\P1r4t\Desktop\c650 switch pvr.pdf [2011-07-19 04:52:24 | 004,149,888 | ---- | M] () -- C:\Users\P1r4t\Desktop\akt.pdf [2011-07-19 04:52:10 | 000,165,905 | ---- | M] () -- C:\Users\P1r4t\Desktop\postanowienie.pdf [2011-07-11 10:52:54 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011-07-11 10:25:30 | 000,348,476 | ---- | M] () -- C:\Users\P1r4t\Desktop\zaswiadczenie_od_pracodawcy.pdf [2011-07-11 10:21:03 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2011-07-11 10:19:50 | 000,030,139 | ---- | M] () -- C:\Users\P1r4t\Desktop\zaswiadczenie.pdf [2011-07-11 10:18:45 | 042,147,760 | ---- | M] (Safer-Networking Ltd. 
) -- C:\Users\P1r4t\Desktop\spybotsd-2.0.4-beta2.exe [2011-07-11 01:29:56 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Users\P1r4t\Desktop\cwshredder.exe [2011-07-10 21:44:04 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011-07-10 21:44:01 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011-07-10 21:41:40 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011-07-10 21:40:58 | 010,145,792 | ---- | M] () -- C:\Users\P1r4t\Desktop\Ad-Aware90Install.msi [2011-07-10 21:30:18 | 101,144,691 | ---- | M] () -- C:\Users\P1r4t\Desktop\Ad-Aware_Anniversary_Pro_8.2.2_ENG_Portable.rar [2011-07-10 21:10:29 | 000,000,014 | ---- | M] () -- C:\Windows\Setup.INI [2011-07-07 23:33:40 | 000,007,168 | ---- | M] () -- C:\Users\P1r4t\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-07 23:05:19 | 001,889,490 | ---- | M] () -- C:\Users\P1r4t\Desktop\KMBT25020110628004549.pdf [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2020-07-08 12:30:25 | 018,530,624 | ---- | C] () -- C:\Users\P1r4t\Desktop\setup_ws.exe [2011-08-03 01:58:36 | 000,001,895 | ---- | C] () -- C:\Users\P1r4t\Desktop\AD-R.lnk [2011-07-30 08:08:09 | 000,179,484 | ---- | C] () -- C:\Windows\hpoins46.dat [2011-07-30 08:08:09 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat [2011-07-30 08:02:47 | 070,358,040 | ---- | C] () -- C:\Users\P1r4t\Desktop\DJ_AIO_06_F4500_USW_Basic_Win_plk_140_175.exe [2011-07-29 23:44:25 | 027,870,282 | ---- | C] () -- C:\Users\P1r4t\Desktop\NMP.zip [2011-07-28 20:30:07 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk [2011-07-28 20:30:07 | 000,002,075 | ---- | C] () 
-- C:\Users\Public\Desktop\Network Magic.lnk [2011-07-21 17:24:14 | 000,439,013 | ---- | C] () -- C:\Users\P1r4t\Desktop\thunderbird_conversations-2.0.7-tb.xpi [2011-07-21 17:09:11 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011-07-21 12:24:54 | 000,007,009 | ---- | C] () -- C:\Users\P1r4t\Desktop\channel_list_LE40C650_1001_wersja_firmware_3003.zip [2011-07-21 12:04:07 | 000,187,411 | ---- | C] () -- C:\Users\P1r4t\Desktop\c650 switch pvr.pdf [2011-07-19 04:52:22 | 004,149,888 | ---- | C] () -- C:\Users\P1r4t\Desktop\akt.pdf [2011-07-19 04:52:08 | 000,165,905 | ---- | C] () -- C:\Users\P1r4t\Desktop\postanowienie.pdf [2011-07-17 15:42:48 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011-07-17 15:42:47 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011-07-11 10:24:54 | 000,348,476 | ---- | C] () -- C:\Users\P1r4t\Desktop\zaswiadczenie_od_pracodawcy.pdf [2011-07-11 10:21:14 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2011-07-11 10:21:13 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2011-07-11 10:21:12 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2011-07-11 10:21:03 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2011-07-11 10:21:03 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2011-07-11 10:19:18 | 000,030,139 | ---- | C] () -- C:\Users\P1r4t\Desktop\zaswiadczenie.pdf [2011-07-10 21:59:30 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011-07-10 21:41:39 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011-07-10 21:40:51 | 010,145,792 | ---- | C] () -- C:\Users\P1r4t\Desktop\Ad-Aware90Install.msi [2011-07-10 21:24:32 | 101,144,691 | ---- | C] () -- 
C:\Users\P1r4t\Desktop\Ad-Aware_Anniversary_Pro_8.2.2_ENG_Portable.rar [2011-07-07 23:05:11 | 001,889,490 | ---- | C] () -- C:\Users\P1r4t\Desktop\KMBT25020110628004549.pdf [2011-03-29 03:08:01 | 000,093,647 | ---- | C] () -- C:\Windows\LookDisk Uninstaller.exe [2011-02-09 23:41:05 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011-02-09 23:41:05 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2011-02-01 12:08:48 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2011-02-01 12:08:47 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll [2011-02-01 12:08:47 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll [2011-02-01 12:08:47 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll [2011-02-01 12:08:47 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll [2011-02-01 12:08:47 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll [2011-02-01 12:08:47 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll [2011-02-01 12:08:47 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll [2011-02-01 12:08:47 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll [2011-02-01 12:08:47 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll [2011-02-01 12:08:47 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll [2011-02-01 12:08:47 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll [2011-02-01 12:08:47 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll [2011-02-01 12:08:47 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll [2011-02-01 12:08:47 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll [2011-02-01 12:08:47 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll [2011-02-01 12:08:47 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll [2011-01-08 17:22:23 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010-12-30 21:06:30 | 
000,007,168 | ---- | C] () -- C:\Users\P1r4t\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-29 21:51:39 | 000,000,014 | ---- | C] () -- C:\Windows\Setup.INI [2010-12-29 18:22:56 | 000,000,169 | ---- | C] () -- C:\Users\P1r4t\AppData\Roaming\Mouse Monitor_Settings.ini [2010-12-29 18:21:32 | 000,000,183 | ---- | C] () -- C:\Users\P1r4t\AppData\Roaming\Top Process Monitor_Settings.ini [2010-12-29 14:39:58 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010-12-29 14:39:58 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010-12-29 14:39:58 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2010-12-29 14:39:58 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2010-12-28 23:11:09 | 000,109,936 | ---- | C] () -- C:\Users\P1r4t\AppData\Local\GDIPFONTCACHEV1.DAT [2010-12-28 23:10:56 | 000,007,599 | ---- | C] () -- C:\Users\P1r4t\AppData\Local\Resmon.ResmonCfg [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:34:57 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007-04-26 00:36:10 | 001,565,811 | -H-- | C] () -- C:\Users\P1r4t\AppData\Local\IconCache.db [color=#E56717]========== LOP Check ==========[/color] [2011-08-02 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\ESET [2010-12-30 00:51:37 | 000,000,000 | ---D | M] 
-- C:\Users\P1r4t\AppData\Roaming\ACD Systems [2011-07-22 10:33:54 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\BESTplayer [2011-06-26 22:40:57 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\BitLord [2011-04-03 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Blueberry [2011-02-25 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\DAEMON Tools Lite [2011-06-10 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Dropbox [2011-04-21 10:37:31 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Easy Forex [2011-05-09 16:00:45 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\ESET [2011-08-03 02:41:07 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\FileZilla [2011-07-13 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Gadu-Gadu 10 [2011-07-11 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\GanymedeNet [2011-06-26 15:00:21 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\GetRightToGo [2011-03-09 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\HDRsoft [2011-07-09 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\ipla [2010-12-29 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\IrfanView [2011-03-29 03:08:32 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\ldw_data [2011-04-03 02:16:37 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\LogSys [2010-12-29 12:05:56 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Opera [2011-03-15 12:48:36 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\PandoraRecovery [2011-05-03 13:46:54 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\pl.5fantastic.oneway.8566CE160176669D38AD6CA5DF2B8C8BE659144F.1 [2011-01-11 18:49:29 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Python-Eggs [2011-01-08 17:22:34 | 000,000,000 | ---D | M] -- 
C:\Users\P1r4t\AppData\Roaming\RDRM [2011-04-01 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\TeamViewer [2010-12-29 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\Thunderbird [2011-02-22 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\P1r4t\AppData\Roaming\UBitMenu [2007-04-26 00:01:06 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job [2007-04-26 00:00:44 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job [2007-04-26 00:00:44 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job [2007-04-26 18:37:25 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:9F49E34B < End of report >