log

jstat

[LOG]Logfile of random's system information tool 1.08 (written by random/random)
Run by PARADOX at 2011-02-01 18:37:36
Microsoft Windows 7 Ultimate
System drive C: has 4 GB (27%) free of 15 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:56, on 2011-02-01
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
G:\Program Files\uTorrent\uTorrent.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\AVG\AVG10\avgtray.exe
G:\Program Files\AVG\AVG10\avgui.exe
G:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
G:\Program Files\AVG\AVG10\avgscanx.exe
C:\Windows\system32\conhost.exe
G:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PARADOX\Desktop\RSIT.exe
C:\Program Files\trend micro\PARADOX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG10\avgwdsvc.exe

--
End of file - 3872 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - G:\Program Files\AVG\AVG10\avgssie.dll [2011-01-07 2731872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"AVG_TRAY"=G:\Program Files\AVG\AVG10\avgtray.exe [2011-01-07 2747744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"AQQ"=C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe [2011-01-21 8990720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-01 18:37:36 ----D---- C:\rsit
2011-02-01 18:33:36 ----D---- C:\Users\PARADOX\AppData\Roaming\AVG10
2011-02-01 18:33:15 ----HD---- C:\ProgramData\Common Files
2011-02-01 18:32:26 ----D---- C:\Windows\system32\drivers\AVG
2011-02-01 18:32:26 ----D---- C:\ProgramData\AVG10
2011-02-01 18:31:00 ----D---- C:\ProgramData\MFAData
2011-02-01 18:12:04 ----D---- C:\Program Files\Trend Micro
2011-02-01 18:04:17 ----D---- C:\Windows\temp
2011-02-01 18:04:15 ----A---- C:\ComboFix.txt
2011-02-01 18:03:45 ----SHD---- C:\$RECYCLE.BIN
2011-02-01 17:59:30 ----A---- C:\Windows\zip.exe
2011-02-01 17:59:30 ----A---- C:\Windows\SWSC.exe
2011-02-01 17:59:30 ----A---- C:\Windows\SWREG.exe
2011-02-01 17:59:30 ----A---- C:\Windows\sed.exe
2011-02-01 17:59:30 ----A---- C:\Windows\PEV.exe
2011-02-01 17:59:30 ----A---- C:\Windows\NIRCMD.exe
2011-02-01 17:59:30 ----A---- C:\Windows\MBR.exe
2011-02-01 17:59:30 ----A---- C:\Windows\grep.exe
2011-02-01 17:59:06 ----A---- C:\Windows\SWXCACLS.exe
2011-02-01 17:59:04 ----D---- C:\32788R22FWJFW
2011-02-01 17:58:27 ----D---- C:\Windows\ERDNT
2011-02-01 17:57:38 ----D---- C:\Qoobox
2011-02-01 16:28:00 ----D---- C:\Users\PARADOX\AppData\Roaming\uTorrent
2011-02-01 16:25:33 ----D---- C:\Users\PARADOX\AppData\Roaming\ImgBurn
2011-01-30 19:57:28 ----D---- C:\Program Files\TP
2011-01-30 19:57:19 ----A---- C:\Windows\uninst.exe
2011-01-30 19:57:15 ----RASH---- C:\MSDOS.SYS
2011-01-30 19:57:15 ----RASH---- C:\IO.SYS
2011-01-29 00:00:53 ----D---- C:\ProgramData\Adobe
2011-01-28 23:29:43 ----D---- C:\Program Files\Common Files\Adobe
2011-01-28 22:09:20 ----D---- C:\Users\PARADOX\AppData\Roaming\FileZilla
2011-01-28 20:59:42 ----D---- C:\Users\PARADOX\AppData\Roaming\skypePM
2011-01-28 20:57:33 ----D---- C:\Program Files\Common Files\Skype
2011-01-28 20:57:32 ----RD---- C:\Program Files\Skype
2011-01-28 20:57:32 ----D---- C:\Users\PARADOX\AppData\Roaming\Skype
2011-01-28 20:57:31 ----D---- C:\ProgramData\Skype
2011-01-28 01:45:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-01-28 01:45:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-01-28 01:45:10 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-28 01:45:10 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-28 01:45:09 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-28 01:41:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-28 00:26:09 ----D---- C:\Users\PARADOX\AppData\Roaming\Mozilla
2011-01-27 23:35:48 ----D---- C:\Windows\Sun
2011-01-27 23:21:05 ----D---- C:\ProgramData\PMB Files
2011-01-27 23:20:39 ----D---- C:\Program Files\Pando Networks
2011-01-27 21:01:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Leadertech
2011-01-26 21:26:44 ----D---- C:\ProgramData\Sports Interactive
2011-01-26 21:26:19 ----D---- C:\Users\PARADOX\AppData\Roaming\Sports Interactive
2011-01-26 19:48:04 ----D---- C:\Users\PARADOX\AppData\Roaming\TS3Client
2011-01-26 16:12:25 ----A---- C:\Windows\system32\yv12vfw.dll
2011-01-26 16:12:25 ----A---- C:\Windows\system32\xvidvfw.dll
2011-01-26 16:12:25 ----A---- C:\Windows\system32\xvidcore.dll
2011-01-26 16:12:25 ----A---- C:\Windows\system32\unrar.dll
2011-01-26 16:12:25 ----A---- C:\Windows\avisplitter.ini
2011-01-26 16:12:24 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2011-01-26 16:12:24 ----A---- C:\Windows\system32\ff_vfw.dll
2011-01-26 01:02:25 ----D---- C:\Program Files\CCleaner
2011-01-26 00:57:46 ----D---- C:\Users\PARADOX\AppData\Roaming\RDRM
2011-01-26 00:57:46 ----D---- C:\Users\PARADOX\AppData\Roaming\ipla
2011-01-26 00:57:46 ----D---- C:\ProgramData\ipla
2011-01-26 00:57:30 ----A---- C:\Windows\system32\msvcr71.dll
2011-01-26 00:57:30 ----A---- C:\Windows\system32\mfc71.dll
2011-01-26 00:57:30 ----A---- C:\Windows\system32\gdiplus.dll
2011-01-25 21:49:26 ----D---- C:\Windows\Panther
2011-01-25 21:49:14 ----RASH---- C:\BOOTSECT.BAK
2011-01-25 21:49:12 ----D---- C:\Boot
2011-01-25 21:45:46 ----D---- C:\Users\PARADOX\AppData\Roaming\.minecraft server
2011-01-25 21:35:53 ----D---- C:\Users\PARADOX\AppData\Roaming\.minecraft
2011-01-25 21:35:53 ----D---- C:\ProgramData\Sun
2011-01-25 21:35:53 ----D---- C:\Program Files\Common Files\Java
2011-01-25 21:35:45 ----A---- C:\Windows\system32\javaws.exe
2011-01-25 21:35:45 ----A---- C:\Windows\system32\javaw.exe
2011-01-25 21:35:45 ----A---- C:\Windows\system32\java.exe
2011-01-25 21:35:45 ----A---- C:\Windows\system32\deployJava1.dll
2011-01-25 21:35:41 ----D---- C:\Program Files\Java
2011-01-25 21:29:57 ----D---- C:\Users\PARADOX\AppData\Roaming\WinRAR
2011-01-25 21:14:35 ----D---- C:\Users\PARADOX\AppData\Roaming\AnvSoft
2011-01-25 21:04:50 ----D---- C:\Program Files\vShare
2011-01-25 20:47:59 ----D---- C:\Program Files\WapSter
2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xinput1_3.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xinput1_2.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xinput1_1.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-01-25 19:40:46 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-01-25 19:40:45 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-01-25 19:40:45 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-01-25 19:40:45 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-01-25 19:40:45 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-01-25 19:40:45 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-01-25 19:30:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Macromedia
2011-01-25 19:30:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Adobe
2011-01-25 19:30:23 ----D---- C:\Windows\system32\Macromed
2011-01-25 19:28:22 ----N---- C:\Windows\system32\MpSigStub.exe
2011-01-25 19:26:46 ----D---- C:\Users\PARADOX\AppData\Roaming\Opera
2011-01-25 19:26:45 ----D---- C:\Program Files\Opera
2011-01-25 19:24:40 ----D---- C:\Users\PARADOX\AppData\Roaming\ATI
2011-01-25 19:24:40 ----D---- C:\ProgramData\ATI
2011-01-25 19:24:02 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-01-25 19:23:23 ----SHD---- C:\Windows\Installer
2011-01-25 19:23:15 ----D---- C:\Program Files\ATI Technologies
2011-01-25 19:23:13 ----D---- C:\Program Files\ATI
2011-01-25 19:22:06 ----D---- C:\Windows\AMD
2011-01-25 14:21:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-25 14:15:59 ----D---- C:\Users\PARADOX\AppData\Roaming\Identities
2011-01-25 14:15:51 ----SD---- C:\Users\PARADOX\AppData\Roaming\Microsoft
2011-01-25 14:15:51 ----D---- C:\Users\PARADOX\AppData\Roaming\Media Center Programs
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Ulubione
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Szablony
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Pulpit
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Menu Start
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Dokumenty
2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Dane aplikacji
2011-01-25 14:15:41 ----D---- C:\Recovery
2011-01-25 12:53:56 ----D---- C:\Windows\SoftwareDistribution
2011-01-25 12:50:26 ----D---- C:\Windows\Prefetch
2011-01-25 12:50:12 ----ASH---- C:\pagefile.sys
2011-01-25 12:50:10 ----SHD---- C:\System Volume Information
2011-01-25 12:50:10 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-02-01 18:33:59 ----D---- C:\Windows\System32
2011-02-01 18:33:15 ----D---- C:\ProgramData
2011-02-01 18:33:00 ----D---- C:\Windows\system32\drivers
2011-02-01 18:31:58 ----D---- C:\Windows\winsxs
2011-02-01 18:31:48 ----D---- C:\Windows\system32\config
2011-02-01 18:31:45 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-01 18:12:04 ----RD---- C:\Program Files
2011-02-01 18:04:17 ----D---- C:\Windows
2011-02-01 18:03:15 ----A---- C:\Windows\system.ini
2011-02-01 18:01:44 ----D---- C:\Windows\AppPatch
2011-02-01 18:01:43 ----D---- C:\Program Files\Common Files
2011-02-01 13:56:08 ----D---- C:\Windows\inf
2011-01-29 00:15:11 ----RSD---- C:\Windows\Fonts
2011-01-28 20:58:02 ----D---- C:\Windows\system32\Tasks
2011-01-28 20:45:30 ----SD---- C:\ProgramData\Microsoft
2011-01-28 20:45:28 ----D---- C:\Windows\system32\drivers\UMDF
2011-01-27 20:55:47 ----RSD---- C:\Windows\assembly
2011-01-27 16:11:35 ----D---- C:\Windows\system32\NDF
2011-01-26 14:01:35 ----D---- C:\Windows\system32\catroot2
2011-01-26 14:01:35 ----D---- C:\Windows\system32\catroot
2011-01-26 13:49:50 ----D---- C:\Windows\Logs
2011-01-25 21:12:29 ----HD---- C:\Windows\system32\GroupPolicy
2011-01-25 21:05:30 ----D---- C:\Windows\Downloaded Program Files
2011-01-25 19:40:45 ----D---- C:\Windows\Microsoft.NET
2011-01-25 19:39:35 ----D---- C:\Windows\system32\DriverStore
2011-01-25 19:23:33 ----D---- C:\Windows\system32\restore
2011-01-25 15:33:16 ----D---- C:\Windows\system32\wdi
2011-01-25 14:21:18 ----D---- C:\Windows\system32\wbem
2011-01-25 14:20:57 ----D---- C:\Windows\system32\LogFiles
2011-01-25 14:15:50 ----RD---- C:\Users
2011-01-25 14:15:41 ----D---- C:\Program Files\Windows NT
2011-01-25 14:15:13 ----D---- C:\Windows\debug
2011-01-25 13:05:12 ----D---- C:\Windows\system32\CodeIntegrity
2011-01-25 12:53:51 ----D---- C:\Windows\system32\sysprep
2011-01-25 12:50:50 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 21072]
R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\PARADOX\AppData\Local\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 176128]
R2 AVGIDSAgent;AVGIDSAgent; G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
R2 avgwd;AVG WatchDog; G:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------[/log]

[log]OTL logfile created on: 2011-02-01 20:09:07 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 4,26 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS
Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS

Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
PRC - [2011-02-01 16:28:50 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- G:\Program Files\uTorrent\uTorrent.exe
PRC - [2011-01-29 12:45:59 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011-01-21 13:27:40 | 008,990,720 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010-11-26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-11-26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-11-17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009-12-17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009-08-09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVG10\Firefox\ [2011-02-01 18:32:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Frajer Koks\components [2011-01-28 00:26:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Frajer Koks\plugins [2011-01-30 14:23:02 | 000,000,000 | ---D | M]

[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Extensions
[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Firefox\Profiles\x7psqbyd.default\extensions
[2011-01-28 20:57:58 | 000,000,000 | ---D | M] (Skype extension) -- G:\FRAJER KOKS\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011-02-01 18:32:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVG10\FIREFOX

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.72.64.11 94.72.64.10 217.17.34.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - G:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - G:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-01 20:06:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
[2011-02-01 18:43:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-02-01 18:37:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-01 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AVG10
[2011-02-01 18:33:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011-02-01 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011-02-01 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-02-01 18:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-02-01 18:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-02-01 17:59:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-02-01 17:59:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-02-01 17:59:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-02-01 17:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011-02-01 17:59:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011-02-01 17:58:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-02-01 17:57:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-02-01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\uTorrent
[2011-02-01 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn
[2011-02-01 16:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011-01-31 22:07:50 | 000,608,768 | ---- | C] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe
[2011-01-30 19:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pascal 7
[2011-01-30 19:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\TP
[2011-01-30 19:57:19 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2011-01-30 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011-01-29 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Updater
[2011-01-29 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Adobe
[2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011-01-28 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Any Video Converter
[2011-01-28 22:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011-01-28 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\FileZilla
[2011-01-28 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\skypePM
[2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-01-28 20:57:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011-01-28 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Skype
[2011-01-28 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-01-28 01:45:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011-01-28 01:45:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011-01-28 01:45:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011-01-28 01:45:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011-01-28 01:45:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011-01-28 01:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-01-28 01:41:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Mozilla
[2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Mozilla
[2011-01-27 23:35:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011-01-27 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\PMB Files
[2011-01-27 23:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-01-27 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011-01-27 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\FIFA 11
[2011-01-27 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Leadertech
[2011-01-27 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Deluxe Ski Jump 4
[2011-01-27 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-26 21:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive
[2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Sports Interactive
[2011-01-26 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\TS3Client
[2011-01-26 18:50:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ElevatedDiagnostics
[2011-01-26 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla
[2011-01-26 16:12:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-01-26 16:12:25 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-01-26 16:12:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-01-26 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\RDRM
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ipla
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla
[2011-01-26 00:57:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2011-01-26 00:57:30 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2011-01-25 21:49:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-01-25 21:49:12 | 000,000,000 | ---D | C] -- C:\Boot
[2011-01-25 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft
[2011-01-25 21:35:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-01-25 21:35:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-01-25 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-01-25 21:29:57 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\WinRAR
[2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-01-25 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft
[2011-01-25 21:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2011-01-25 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\WapSter
[2011-01-25 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter
[2011-01-25 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[2011-01-25 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Diagnostics
[2011-01-25 19:40:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011-01-25 19:40:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011-01-25 19:40:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011-01-25 19:40:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011-01-25 19:40:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011-01-25 19:40:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011-01-25 19:40:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011-01-25 19:40:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011-01-25 19:40:49 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011-01-25 19:40:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011-01-25 19:40:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011-01-25 19:40:49 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011-01-25 19:40:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011-01-25 19:40:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011-01-25 19:40:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011-01-25 19:40:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011-01-25 19:40:48 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011-01-25 19:40:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011-01-25 19:40:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011-01-25 19:40:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011-01-25 19:40:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011-01-25 19:40:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011-01-25 19:40:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011-01-25 19:40:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011-01-25 19:40:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011-01-25 19:40:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011-01-25 19:40:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011-01-25 19:40:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011-01-25 19:40:47 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011-01-25 19:40:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011-01-25 19:40:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011-01-25 19:40:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011-01-25 19:40:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011-01-25 19:40:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011-01-25 19:40:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011-01-25 19:40:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011-01-25 19:40:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011-01-25 19:40:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011-01-25 19:40:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011-01-25 19:40:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011-01-25 19:40:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011-01-25 19:40:47 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011-01-25 19:40:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011-01-25 19:40:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011-01-25 19:40:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011-01-25 19:40:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011-01-25 19:40:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011-01-25 19:40:46 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011-01-25 19:40:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011-01-25 19:40:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011-01-25 19:40:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011-01-25 19:40:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011-01-25 19:40:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011-01-25 19:40:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011-01-25 19:40:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011-01-25 19:40:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011-01-25 19:40:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011-01-25 19:40:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011-01-25 19:40:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011-01-25 19:40:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011-01-25 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Macromedia
[2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Adobe
[2011-01-25 19:30:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011-01-25 19:28:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Opera
[2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Opera
[2011-01-25 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ATI
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ATI
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-01-25 19:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kreator raportowania problemów ATI
[2011-01-25 19:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-01-25 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011-01-25 19:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-01-25 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-01-25 19:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-01-25 19:22:06 | 000,000,000 | ---D | C] -- C:\Windows\AMD
[2011-01-25 15:32:21 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Searches
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-01-25 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Identities
[2011-01-25 14:15:58 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Contacts
[2011-01-25 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\VirtualStore
[2011-01-25 14:15:51 | 000,000,000 | --SD | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Videos
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Saved Games
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Pictures
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Music
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Links
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Favorites
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Downloads
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Documents
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Desktop
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Ustawienia lokalne
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Temporary Internet Files
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Szablony
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\SendTo
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Recent
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\PrintHood
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\NetHood
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje wideo
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje obrazy
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Moje dokumenty
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moja muzyka
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Menu Start
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Historia
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Dane aplikacji
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Dane aplikacji
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Cookies
[2011-01-25 14:15:51 | 000,000,000 | -H-D | C] -- C:\Users\PARADOX\AppData
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Temp
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Microsoft
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Media Center Programs
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2011-01-25 14:15:41 | 000,000,000 | ---D | C] -- C:\Recovery
[2011-01-25 12:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-01-25 12:50:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-01-25 12:50:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-12-08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
[2011-02-01 18:34:22 | 105,103,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-02-01 16:31:02 | 000,546,916 | ---- | M] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent
[2011-02-01 16:18:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 13:56:08 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-01 13:56:08 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-01 13:56:08 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-01 13:56:08 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-01 13:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-31 22:07:57 | 000,608,768 | ---- | M] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe
[2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW
[2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-01-30 18:40:26 | 000,000,603 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-01-29 23:16:59 | 003,465,331 | ---- | M] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3
[2011-01-29 12:42:10 | 000,267,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-01-28 20:59:43 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-28 20:45:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-01-28 00:26:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-01-27 15:10:56 | 000,000,576 | ---- | M] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk
[2011-01-26 19:47:08 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011-01-26 00:57:30 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2011-01-26 00:57:30 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-01-25 21:35:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-01-25 21:35:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-01-25 19:26:46 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011-01-25 12:54:33 | 000,067,908 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011-01-25 12:52:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-01-13 09:00:00 | 000,080,896 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-13 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-12-07 19:40:22 | 000,183,808 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
[2010-12-07 19:22:46 | 000,810,496 | ---- | M] () -- C:\Windows\System32\xvidcore.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-01 18:34:22 | 105,103,635 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-02-01 17:59:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-02-01 17:59:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-02-01 17:59:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011-02-01 17:59:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-02-01 17:59:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-02-01 16:31:02 | 000,546,916 | ---- | C] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent
[2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011-01-30 21:00:18 | 000,354,606 | RHS- | C] () -- C:\MTQEW
[2011-01-30 21:00:18 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-01-30 18:40:26 | 000,000,603 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-01-30 14:23:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-01-29 23:16:26 | 003,465,331 | ---- | C] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3
[2011-01-29 00:01:03 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011-01-29 00:01:03 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011-01-28 20:59:43 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-28 20:45:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-01-28 00:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-01-27 15:10:56 | 000,000,576 | ---- | C] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk
[2011-01-26 22:50:12 | 000,000,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011-01-26 19:47:08 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011-01-26 16:12:25 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-01-26 16:12:25 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-01-26 16:12:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-26 16:12:25 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-01-26 16:12:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-26 16:12:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-25 21:49:14 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011-01-25 21:49:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011-01-25 19:26:46 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011-01-25 14:16:07 | 000,001,425 | ---- | C] () -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-01-25 12:54:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-01-25 12:54:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-01-25 12:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-01-25 12:50:10 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-01-25 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft
[2011-01-25 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server
[2011-01-25 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft
[2011-02-01 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AVG10
[2011-01-30 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\FileZilla
[2011-02-01 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn
[2011-01-30 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ipla
[2011-01-27 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Leadertech
[2011-01-25 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Opera
[2011-01-26 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\RDRM
[2011-01-26 21:26:19 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive
[2011-01-26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\TS3Client
[2011-02-01 20:10:31 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\uTorrent
[2009-07-14 05:53:46 | 000,005,244 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-02-01 18:04:15 | 000,010,842 | ---- | M] () -- C:\ComboFix.txt
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW
[2011-02-01 13:51:54 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >
[/log]

[log]OTL Extras logfile created on: 2011-02-01 20:09:07 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 4,26 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS
Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS

Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Frajer Koks\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{1DC4873F-493C-F305-B55E-0FE0BBC6EFD1}" = WMV9/VC-1 Video Playback
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDEE9257-8FEB-7BAF-B28F-C4737036D674}" = ATI Catalyst Install Manager
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EC048D90-85C5-9695-A647-E480D0BD4756}" = ccc-utility
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"Any Video Converter_is1" = Any Video Converter 3.1.8
"AQQ" = WapSter AQQ
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"FileZilla Client" = FileZilla Client 3.3.5.1
"ImgBurn" = ImgBurn
"ipla" = ipla 2.2.1
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Opera 11.01.1190" = Opera 11.01
"SopCast" = SopCast 3.3.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Turbo Pascal 7.0" = Turbo Pascal 7.0
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"vShare" = vShare Plugin
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-26 08:42:51 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-26 16:28:34 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: MaxPayne.exe, wersja: 1.0.0.0, sygnatura
czasowa: 0x31313931 Nazwa modułu powodującego błąd: e2mfc.dll, wersja: 0.0.0.0,
sygnatura czasowa: 0x3c468130 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001e764
Identyfikator
procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd:
0x01cbbd979289d7ef Ścieżka aplikacji powodującej błąd: D:\Max Payne\MaxPayne.exe
Ścieżka
modułu powodującego błąd: D:\Max Payne\e2mfc.dll Identyfikator raportu: d88dbb49-298a-11e0-bd43-001d7de6c270

Error - 2011-01-26 16:53:18 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: hl.exe, wersja: 1.1.1.1, sygnatura
czasowa: 0x48feaf5a Nazwa modułu powodującego błąd: steam.dll, wersja: 2.0.1008.901,
sygnatura czasowa: 0x4d2512b2 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x001e9eb3
Identyfikator
procesu powodującego błąd: 0xe08 Godzina uruchomienia aplikacji powodującej błąd:
0x01cbbd9af993b1f2 Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\_daredevil__\counter-strike\hl.exe
Ścieżka
modułu powodującego błąd: D:\Steam\steam.dll Identyfikator raportu: 4d0d5d66-298e-11e0-bd43-001d7de6c270

Error - 2011-01-26 21:06:02 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-29 11:45:42 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-30 13:32:38 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-30 14:27:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0,
sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000
Identyfikator
procesu powodującego błąd: 0x1178 Godzina uruchomienia aplikacji powodującej błąd:
0x01cbc0ab22efbca1 Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe
Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: unknown Identyfikator
raportu: 9f9ff07f-2c9e-11e0-b893-001d7de6c270

Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0,
sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: Photoshop.exe, wersja:
9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Kod wyjątku: 0xc000001e Przesunięcie błędu:
0x00fafb08 Identyfikator procesu powodującego błąd: 0x1180 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cbc0ab699c5add Ścieżka aplikacji powodującej błąd: G:\Program
Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd:
G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Identyfikator raportu: bdba0b2f-2c9f-11e0-b893-001d7de6c270

Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących
przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak
dysku. System Windows zamknął program Adobe Photoshop CS2 z powodu tego błędu. Program:
Adobe Photoshop CS2 Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.
Akcja
użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem,
który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można
uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić,
czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na
dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk
jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program
CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem
nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki
na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby
uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0

Error - 2011-01-31 15:03:26 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

[ System Events ]
Error - 2011-01-30 15:10:43 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-31 14:00:01 | Computer Name = PARADOX-AX | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-02-01 13:00:14 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-02-01 13:03:13 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.


< End of report >
[/log]

1]RSIT
2]OTL.TXT
3]OTL

Tomek01

Why aren't you sure? Please elaborate.

You used ComboFix; show the log it created: Combofix.txt

  • Good answer 1
jstat

Because I had a keylogger some time ago and I'm not entirely sure whether it, or some other one, is still sitting on the computer, since someone got into my account on a forum.
I did a format right away when it attacked.

[log]ComboFix 11-01-31.02 - PARADOX 2011-02-01 18:00:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2046.1114 [GMT 1:00]
Uruchomiony z: c:\users\PARADOX\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((( Pliki utworzone od 2011-01-01 do 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-02-01 17:03 . 2011-02-01 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 18:57 . 2011-01-30 18:57 -------- d-----w- c:\program files\TP
2011-01-30 18:57 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe
2011-01-28 22:29 . 2011-01-30 13:23 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----w- c:\program files\Common Files\Skype
2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----r- c:\program files\Skype
2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----w- c:\programdata\Skype
2011-01-28 00:45 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-01-28 00:45 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-01-28 00:45 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-01-28 00:45 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-01-28 00:45 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-01-28 00:41 . 2011-01-28 00:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-01-27 22:35 . 2011-01-27 22:35 -------- d-----w- c:\windows\Sun
2011-01-27 22:21 . 2011-01-28 00:10 -------- d-----w- c:\programdata\PMB Files
2011-01-27 22:20 . 2011-01-27 22:20 -------- d-----w- c:\program files\Pando Networks
2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\programdata\Sports Interactive
2011-01-26 15:12 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-26 15:12 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-01-26 15:12 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-01-26 15:12 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-01-26 15:12 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-01-26 15:12 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-01-26 15:12 . 2011-01-13 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-26 00:02 . 2011-01-26 00:02 -------- d-----w- c:\program files\CCleaner
2011-01-25 23:57 . 2011-01-25 23:57 -------- d-----w- c:\programdata\ipla
2011-01-25 23:57 . 2011-01-25 23:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-25 23:57 . 2011-01-25 23:57 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-25 23:57 . 2011-01-25 23:57 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-01-25 20:49 . 2011-01-25 13:15 -------- d-----w- c:\windows\Panther
2011-01-25 20:49 . 2011-01-25 20:49 -------- d-----w- C:\Boot
2011-01-25 20:35 . 2011-01-25 20:35 -------- d-----w- c:\program files\Common Files\Java
2011-01-25 20:35 . 2011-01-25 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 20:35 . 2011-01-25 20:35 -------- d-----w- c:\program files\Java
2011-01-25 20:04 . 2011-01-25 20:04 -------- d-----w- c:\program files\vShare
2011-01-25 19:47 . 2011-01-25 19:47 -------- d-----w- c:\program files\WapSter
2011-01-25 18:30 . 2011-01-25 18:30 -------- d-----w- c:\windows\system32\Macromed
2011-01-25 18:28 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFC3BF9B-5DD8-4206-910F-D19593D33209}\mpengine.dll
2011-01-25 18:28 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-25 18:26 . 2011-01-29 11:46 -------- d-----w- c:\program files\Opera
2011-01-25 18:24 . 2011-01-25 18:24 -------- d-----w- c:\programdata\ATI
2011-01-25 18:24 . 2011-01-25 18:24 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-25 18:23 . 2011-01-30 13:23 -------- d-sh--w- c:\windows\Installer
2011-01-25 18:23 . 2011-01-25 18:24 -------- d-----w- c:\program files\ATI Technologies
2011-01-25 18:23 . 2011-01-25 18:23 -------- d-----w- c:\program files\ATI
2011-01-25 18:22 . 2011-01-25 18:22 -------- d-----w- c:\windows\AMD
2011-01-25 13:21 . 2011-02-01 12:56 -------- d-----w- c:\windows\system32\wbem\Performance
2011-01-25 11:52 . 2011-01-25 11:52 0 ----a-w- c:\windows\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:49 . 2009-07-13 22:09 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-11-26 02:30 . 2009-06-10 21:19 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:22 . 2009-07-13 22:09 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-17 12:04 . 2010-11-17 12:04 101392 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2011-01-21 8990720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\users\PARADOX\AppData\Roaming\Mozilla\Firefox\Profiles\x7psqbyd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - g:\frajer koks\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - g:\frajer koks\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Cool AVI To 3GP Converter_is1 - g:\program files\Cool AVI To 3GP Converter\unins000.exe
AddRemove-{B4C7FA0D-392F-4653-A631-6028E5CE1294}_is1 - g:\program files\Extreme Redeemer\unins000.exe


.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-02-01 18:04:15
ComboFix-quarantined-files.txt 2011-02-01 17:04

Przed: 4 620 775 424 bajtów wolnych
Po: 4 802 117 632 bajtów wolnych

- - End Of File - - F2978BFEB98CD0DBF29ADAB2C86AD090
[/log]

Tomek01

Uninstall ComboFix:
Start >>> Run >>> combofix /u [and press OK]
Manually delete the quarantine at C:\Qoobox

After these steps, post a new OTL log.

jstat

[log]OTL logfile created on: 2011-02-01 21:14:33 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 4,28 Gb Free Space | 28,55% Space Free | Partition Type: NTFS
Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS
Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS

Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
PRC - [2011-01-29 12:45:59 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010-11-26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-11-26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-11-17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009-12-17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009-08-09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]







IE - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVG10\Firefox\ [2011-02-01 18:32:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Frajer Koks\components [2011-01-28 00:26:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Frajer Koks\plugins [2011-01-30 14:23:02 | 000,000,000 | ---D | M]

[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Extensions
[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Firefox\Profiles\x7psqbyd.default\extensions
[2011-01-28 20:57:58 | 000,000,000 | ---D | M] (Skype extension) -- G:\FRAJER KOKS\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011-02-01 18:32:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVG10\FIREFOX

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.72.64.11 94.72.64.10 217.17.34.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - G:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - G:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-01 20:06:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
[2011-02-01 18:43:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-02-01 18:37:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-01 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AVG10
[2011-02-01 18:33:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011-02-01 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011-02-01 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-02-01 18:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-02-01 18:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-02-01 17:59:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-02-01 17:59:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-02-01 17:59:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-02-01 17:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011-02-01 17:58:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-02-01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\uTorrent
[2011-02-01 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn
[2011-02-01 16:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011-01-31 22:07:50 | 000,608,768 | ---- | C] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe
[2011-01-30 19:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pascal 7
[2011-01-30 19:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\TP
[2011-01-30 19:57:19 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2011-01-30 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011-01-29 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Updater
[2011-01-29 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Adobe
[2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011-01-28 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Any Video Converter
[2011-01-28 22:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011-01-28 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\FileZilla
[2011-01-28 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\skypePM
[2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-01-28 20:57:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011-01-28 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Skype
[2011-01-28 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-01-28 01:45:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011-01-28 01:45:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011-01-28 01:45:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011-01-28 01:45:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011-01-28 01:45:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011-01-28 01:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-01-28 01:41:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Mozilla
[2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Mozilla
[2011-01-27 23:35:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011-01-27 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\PMB Files
[2011-01-27 23:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-01-27 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011-01-27 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\FIFA 11
[2011-01-27 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Leadertech
[2011-01-27 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Deluxe Ski Jump 4
[2011-01-27 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-26 21:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive
[2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Sports Interactive
[2011-01-26 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\TS3Client
[2011-01-26 18:50:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ElevatedDiagnostics
[2011-01-26 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla
[2011-01-26 16:12:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-01-26 16:12:25 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-01-26 16:12:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-01-26 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\RDRM
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ipla
[2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla
[2011-01-26 00:57:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2011-01-26 00:57:30 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2011-01-25 21:49:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-01-25 21:49:12 | 000,000,000 | ---D | C] -- C:\Boot
[2011-01-25 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft
[2011-01-25 21:35:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-01-25 21:35:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-01-25 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-01-25 21:29:57 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\WinRAR
[2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-01-25 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft
[2011-01-25 21:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2011-01-25 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\WapSter
[2011-01-25 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter
[2011-01-25 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[2011-01-25 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Diagnostics
[2011-01-25 19:40:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011-01-25 19:40:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011-01-25 19:40:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011-01-25 19:40:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011-01-25 19:40:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011-01-25 19:40:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011-01-25 19:40:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011-01-25 19:40:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011-01-25 19:40:49 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011-01-25 19:40:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011-01-25 19:40:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011-01-25 19:40:49 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011-01-25 19:40:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011-01-25 19:40:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011-01-25 19:40:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011-01-25 19:40:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011-01-25 19:40:48 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011-01-25 19:40:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011-01-25 19:40:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011-01-25 19:40:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011-01-25 19:40:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011-01-25 19:40:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011-01-25 19:40:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011-01-25 19:40:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011-01-25 19:40:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011-01-25 19:40:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011-01-25 19:40:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011-01-25 19:40:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011-01-25 19:40:47 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011-01-25 19:40:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011-01-25 19:40:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011-01-25 19:40:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011-01-25 19:40:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011-01-25 19:40:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011-01-25 19:40:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011-01-25 19:40:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011-01-25 19:40:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011-01-25 19:40:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011-01-25 19:40:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011-01-25 19:40:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011-01-25 19:40:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011-01-25 19:40:47 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011-01-25 19:40:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011-01-25 19:40:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011-01-25 19:40:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011-01-25 19:40:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011-01-25 19:40:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011-01-25 19:40:46 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011-01-25 19:40:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011-01-25 19:40:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011-01-25 19:40:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011-01-25 19:40:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011-01-25 19:40:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011-01-25 19:40:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011-01-25 19:40:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011-01-25 19:40:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011-01-25 19:40:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011-01-25 19:40:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011-01-25 19:40:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011-01-25 19:40:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011-01-25 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Macromedia
[2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Adobe
[2011-01-25 19:30:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011-01-25 19:28:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Opera
[2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Opera
[2011-01-25 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ATI
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ATI
[2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-01-25 19:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kreator raportowania problemów ATI
[2011-01-25 19:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-01-25 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011-01-25 19:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-01-25 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-01-25 19:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-01-25 19:22:06 | 000,000,000 | ---D | C] -- C:\Windows\AMD
[2011-01-25 15:32:21 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Searches
[2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-01-25 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Identities
[2011-01-25 14:15:58 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Contacts
[2011-01-25 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\VirtualStore
[2011-01-25 14:15:51 | 000,000,000 | --SD | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Videos
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Saved Games
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Pictures
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Music
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Links
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Favorites
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Downloads
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Documents
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Desktop
[2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Ustawienia lokalne
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Temporary Internet Files
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Szablony
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\SendTo
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Recent
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\PrintHood
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\NetHood
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje wideo
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje obrazy
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Moje dokumenty
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moja muzyka
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Menu Start
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Historia
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Dane aplikacji
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Dane aplikacji
[2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Cookies
[2011-01-25 14:15:51 | 000,000,000 | -H-D | C] -- C:\Users\PARADOX\AppData
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Temp
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Microsoft
[2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Media Center Programs
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2011-01-25 14:15:41 | 000,000,000 | ---D | C] -- C:\Recovery
[2011-01-25 12:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-01-25 12:50:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-01-25 12:50:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-12-08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-01 20:27:57 | 000,006,508 | ---- | M] () -- C:\Users\PARADOX\Desktop\23771853.jpg
[2011-02-01 20:27:35 | 000,000,118 | ---- | M] () -- C:\Users\PARADOX\Desktop\zdr.rar
[2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe
[2011-02-01 18:34:22 | 105,103,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-02-01 16:31:02 | 000,546,916 | ---- | M] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent
[2011-02-01 16:18:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 13:56:08 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-01 13:56:08 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-01 13:56:08 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-01 13:56:08 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-01 13:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-31 22:07:57 | 000,608,768 | ---- | M] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe
[2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW
[2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-01-30 18:40:26 | 000,000,603 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-01-29 23:16:59 | 003,465,331 | ---- | M] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3
[2011-01-29 12:42:10 | 000,267,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-01-28 20:59:43 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-28 20:45:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-01-28 00:26:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-01-27 15:10:56 | 000,000,576 | ---- | M] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk
[2011-01-26 19:47:08 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011-01-26 00:57:30 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2011-01-26 00:57:30 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-01-25 21:35:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-01-25 21:35:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-01-25 19:26:46 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011-01-25 12:54:33 | 000,067,908 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011-01-25 12:52:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-01-13 09:00:00 | 000,080,896 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-13 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-12-07 19:40:22 | 000,183,808 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
[2010-12-07 19:22:46 | 000,810,496 | ---- | M] () -- C:\Windows\System32\xvidcore.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-01 20:28:21 | 000,006,508 | ---- | C] () -- C:\Users\PARADOX\Desktop\23771853.jpg
[2011-02-01 20:27:35 | 000,000,118 | ---- | C] () -- C:\Users\PARADOX\Desktop\zdr.rar
[2011-02-01 18:34:22 | 105,103,635 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-02-01 17:59:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-02-01 17:59:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-02-01 17:59:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011-02-01 17:59:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-02-01 17:59:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-02-01 16:31:02 | 000,546,916 | ---- | C] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent
[2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011-01-30 21:00:18 | 000,354,606 | RHS- | C] () -- C:\MTQEW
[2011-01-30 21:00:18 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-01-30 18:40:26 | 000,000,603 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011-01-30 14:23:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-01-29 23:16:26 | 003,465,331 | ---- | C] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3
[2011-01-29 00:01:03 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011-01-29 00:01:03 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011-01-28 20:59:43 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-28 20:45:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-01-28 00:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-01-27 15:10:56 | 000,000,576 | ---- | C] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk
[2011-01-26 22:50:12 | 000,000,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011-01-26 19:47:08 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011-01-26 16:12:25 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-01-26 16:12:25 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-01-26 16:12:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-26 16:12:25 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-01-26 16:12:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-26 16:12:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-25 21:49:14 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011-01-25 21:49:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011-01-25 19:26:46 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011-01-25 14:16:07 | 000,001,425 | ---- | C] () -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-01-25 12:54:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-01-25 12:54:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-01-25 12:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-01-25 12:50:10 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-01-25 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft
[2011-01-25 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server
[2011-01-25 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft
[2011-02-01 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AVG10
[2011-01-30 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\FileZilla
[2011-02-01 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn
[2011-01-30 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ipla
[2011-01-27 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Leadertech
[2011-01-25 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Opera
[2011-01-26 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\RDRM
[2011-01-26 21:26:19 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive
[2011-01-26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\TS3Client
[2011-02-01 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\uTorrent
[2009-07-14 05:53:46 | 000,005,244 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW
[2011-02-01 13:51:54 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >
[/log]

[log]
OTL Extras logfile created on: 2011-02-01 21:14:33 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 4,28 Gb Free Space | 28,55% Space Free | Partition Type: NTFS
Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS
Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS
Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS

Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Frajer Koks\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{1DC4873F-493C-F305-B55E-0FE0BBC6EFD1}" = WMV9/VC-1 Video Playback
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDEE9257-8FEB-7BAF-B28F-C4737036D674}" = ATI Catalyst Install Manager
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EC048D90-85C5-9695-A647-E480D0BD4756}" = ccc-utility
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"Any Video Converter_is1" = Any Video Converter 3.1.8
"AQQ" = WapSter AQQ
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"FileZilla Client" = FileZilla Client 3.3.5.1
"ImgBurn" = ImgBurn
"ipla" = ipla 2.2.1
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Opera 11.01.1190" = Opera 11.01
"SopCast" = SopCast 3.3.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Turbo Pascal 7.0" = Turbo Pascal 7.0
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"vShare" = vShare Plugin
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-26 08:42:51 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-26 16:28:34 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: MaxPayne.exe, wersja: 1.0.0.0, sygnatura
czasowa: 0x31313931 Nazwa modułu powodującego błąd: e2mfc.dll, wersja: 0.0.0.0,
sygnatura czasowa: 0x3c468130 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001e764
Identyfikator
procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd:
0x01cbbd979289d7ef Ścieżka aplikacji powodującej błąd: D:\Max Payne\MaxPayne.exe
Ścieżka
modułu powodującego błąd: D:\Max Payne\e2mfc.dll Identyfikator raportu: d88dbb49-298a-11e0-bd43-001d7de6c270

Error - 2011-01-26 16:53:18 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: hl.exe, wersja: 1.1.1.1, sygnatura
czasowa: 0x48feaf5a Nazwa modułu powodującego błąd: steam.dll, wersja: 2.0.1008.901,
sygnatura czasowa: 0x4d2512b2 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x001e9eb3
Identyfikator
procesu powodującego błąd: 0xe08 Godzina uruchomienia aplikacji powodującej błąd:
0x01cbbd9af993b1f2 Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\_daredevil__\counter-strike\hl.exe
Ścieżka
modułu powodującego błąd: D:\Steam\steam.dll Identyfikator raportu: 4d0d5d66-298e-11e0-bd43-001d7de6c270

Error - 2011-01-26 21:06:02 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-29 11:45:42 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-30 13:32:38 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-01-30 14:27:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0,
sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000
Identyfikator
procesu powodującego błąd: 0x1178 Godzina uruchomienia aplikacji powodującej błąd:
0x01cbc0ab22efbca1 Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe
Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: unknown Identyfikator
raportu: 9f9ff07f-2c9e-11e0-b893-001d7de6c270

Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0,
sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: Photoshop.exe, wersja:
9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Kod wyjątku: 0xc000001e Przesunięcie błędu:
0x00fafb08 Identyfikator procesu powodującego błąd: 0x1180 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cbc0ab699c5add Ścieżka aplikacji powodującej błąd: G:\Program
Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd:
G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Identyfikator raportu: bdba0b2f-2c9f-11e0-b893-001d7de6c270

Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących
przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany
plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak
dysku. System Windows zamknął program Adobe Photoshop CS2 z powodu tego błędu. Program:
Adobe Photoshop CS2 Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane.
Akcja
użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym problemem,
który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można
uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić,
czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na
dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk
jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program
CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem
nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki
na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby
uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0

Error - 2011-01-31 15:03:26 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

[ System Events ]
Error - 2011-01-30 15:10:43 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

Error - 2011-01-31 14:00:01 | Computer Name = PARADOX-AX | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7.

Error - 2011-02-01 13:00:14 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-02-01 13:03:13 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.


< End of report >
[/log]

Tomek01

Paste into OTL:[code]
:OTL
C:\Windows\temp
C:\$RECYCLE.BIN
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Windows\SWXCACLS.exe
C:\Windows\ERDNT
C:\ComboFix

:Services
mbr

:Commands
[emptytemp][/code]

When it is all done, press CleanUp in OTL.

Turn System Restore off and then back on for all partitions.
Use ATF Cleaner, tick the first three checkboxes and click Empty Selected.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url], and if they detect anything, post the reports on the forum.

jstat

[log]Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011-02-01 23:55:22
mbam-log-2011-02-01 (23-55-18).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|)
Przeskanowano obiektów: 218553
Upłynęło: 30 minut(y), 17 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\Users\PARADOX\AppData\Local\Opera\Opera\cache\g_0066\opr00ZEH.tmp (Trojan.Dropper.PGen) -> No action taken.
[/log]

Tomek01

Go ahead and delete that. ;)
