OTL.Txt

OTL/EXTRAS log analysis - suspected virus, request for verification

Please check this.



OTL logfile created on: 2012-12-15 09:05:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\banan\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,47 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 85,83% Memory free
7,12 Gb Paging File | 6,73 Gb Available in Paging File | 94,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 26,00 Gb Free Space | 38,04% Space Free | Partition Type: NTFS
Drive D: | 80,68 Gb Total Space | 18,52 Gb Free Space | 22,95% Space Free | Partition Type: NTFS

Computer Name: BANAN-PC | User Name: banan | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-12-14 16:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\banan\Desktop\OTL.exe
PRC - [2009-05-04 11:45:54 | 001,785,856 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2009-05-04 11:45:54 | 001,785,856 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-12 09:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IProsetMonitor.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-01-21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-01-21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-12-10 11:25:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-11-08 16:02:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-07-03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009-04-11 17:24:52 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-05 16:15:04 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008-09-08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-01-21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-07-26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012-04-19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012-03-19 04:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2012-02-02 01:41:44 | 000,390,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1k60x64.sys -- (e1kexpress)
DRV:[b]64bit:[/b] - [2012-01-06 17:16:56 | 000,508,472 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011-12-23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2011-10-13 12:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009-06-24 05:28:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2008-12-07 11:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2008-10-21 04:59:54 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008-01-21 03:50:10 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2008-01-21 03:46:06 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2007-05-16 08:44:34 | 000,558,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
DRV:[b]64bit:[/b] - [2006-11-10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV - [2007-11-07 11:42:28 | 000,104,912 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://search.live.com/results.aspx?q={searchTerms} & src={referrer:source?}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: " URL " = http://www.google.com/search?q={searchTerms} & rls=com.microsoft:{language}:{referrer:source?} & ie={inputEncoding} & oe={outputEncoding} & sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b & utm_medium=pbr & from=pbr & uid=5RA9ZV83_ST3160815AS & ts=1348677628
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953 & tid=2958 & bs=true & q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953 & tid=2958 & bs=true & q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://search.live.com/results.aspx?q={searchTerms} & src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: " URL " = http://www.google.com/search?q={searchTerms} & rls=com.microsoft:{language}:{referrer:source?} & ie={inputEncoding} & oe={outputEncoding} & sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: " URL " = http://search.certified-toolbar.com?si=33953 & bs=true & tid=2958 & q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: " URL " = http://search.sweetim.com/search.asp?src=6 & crg=3.1010000 & st=18 & q={searchTerms} & barid={FDEACC6A-061A-4A7F-B8E5-F4821AB70C60}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0



IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b & utm_medium=pbr & from=pbr & uid=5RA9ZV83_ST3160815AS & ts=1348677628
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953 & tid=2958 & bs=true & q=
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953 & tid=2958 & bs=true & q=
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953 & home=true & tid=2958
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: " URL " = http://klit.startnow.com/s/?q={searchTerms} & src=defsearch & provider= & provider_name=yahoo & provider_code= & partner_id=693 & product_id=741 & affiliate_id= & channel= & toolbar_id=200 & toolbar_version=2.4.0 & install_country=PL & install_date=20111122 & user_guid=F5BED03E82934354A5F115678FF5CC11 & machine_id=d4cdcd721258ccba312aaef6eb0c4fc9 & browser=IE & os=win & os_version=6.0-x64-SP2 & iesrc={referrer:source}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: " URL " = http://search.live.com/results.aspx?q={searchTerms} & src={referrer:source?}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: " URL " = http://start.funmoods.com/?a=ironto & s={searchTerms} & f=4
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: " URL " = http://search.babylon.com/?q={searchTerms} & affID=110811 & tt=210512_53 & babsrc=SP_def & mntrId=4cba2cfa000000000000002719bc20a8
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: " URL " = http://websearch.ask.com/redirect?client=ie & tb=CPUID & o=14654 & src=crm & q={searchTerms} & locale=en_US & apn_ptnrs=CV & apn_dtid=YYYYYYYYPL & apn_uid=b5d7be7c-3327-4079-ade6-32217baf9fc6 & apn_sauid=A6B767C7-0C18-4F4C-B44D-AAF295B2989F &
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: " URL " = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: " URL " = http://www.google.com/search?q={searchTerms} & rls=com.microsoft:{language}:{referrer:source?} & ie={inputEncoding} & oe={outputEncoding} & sourceid=ie7 & rlz=1I7GGHP_plPL460
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: " URL " = http://search.startnow.com/s/?q={searchTerms} & src=defsearch & provider= & provider_name=startnow & provider_code= & partner_id=999 & product_id=10 & affiliate_id= & channel= & toolbar_id= & toolbar_version= & install_country= & install_date=20120925 & user_guid=F5BED03E82934354A5F115678FF5CC11 & machine_id=d4cdcd721258ccba312aaef6eb0c4fc9 & browser=IE & os=win & os_version=6.0-x64-SP2 & iesrc={referrer:source}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: " URL " = http://www.google.com/search?q={searchTerms} & rls=com.microsoft:{language}:{referrer:source?} & ie={inputEncoding} & oe={outputEncoding} & sourceid=ie7 & rlz=1I7GGHP_plPL460
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: " URL " = http://search.sweetim.com/search.asp?src=6 & crg=3.1010000 & st=18 & q={searchTerms} & barid={FDEACC6A-061A-4A7F-B8E5-F4821AB70C60}
IE - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..CT2481033.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: " Web Search "
FF - prefs.js..browser.search.defaultenginename: " Web Search "
FF - prefs.js..browser.search.defaulturl: " "
FF - prefs.js..browser.search.order.1: " Web Search "
FF - prefs.js..browser.search.selectedEngine: " Google "
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: " http://www.google.pl/ "
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: paprikkaFiles%40paprikka.pl:0.9.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: " http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033 & SearchSource=2 & q= "
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: " http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033 & SearchSource=2 & q= "


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\banan\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-10 11:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-10-06 12:03:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-10 11:25:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\banan\AppData\Roaming\IDM\idmmzcc5

[2011-11-20 08:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\banan\AppData\Roaming\mozilla\Extensions
[2012-11-25 10:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\banan\AppData\Roaming\mozilla\Firefox\Profiles\v9mljk2y.default\extensions
[2012-03-25 20:42:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\banan\AppData\Roaming\mozilla\Firefox\Profiles\v9mljk2y.default\extensions\ffxtlbr@babylon.com
[2012-03-25 20:22:04 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\banan\AppData\Roaming\mozilla\Firefox\Profiles\v9mljk2y.default\extensions\ffxtlbr@funmoods.com
[2011-12-14 17:27:05 | 000,151,242 | ---- | M] () (No name found) -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\extensions\paprikkaFiles@paprikka.pl.xpi
[2012-11-25 10:19:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-11-17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\askcom.xml
[2012-11-08 16:06:04 | 000,000,915 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\conduit.xml
[2012-03-25 20:22:01 | 000,001,800 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\funmoods.xml
[2012-09-25 10:09:30 | 000,002,356 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\startnow.xml
[2012-03-25 21:23:38 | 000,004,089 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\sweetim.xml
[2012-11-19 15:12:21 | 000,003,269 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\Web Search.xml
[2011-11-22 20:00:31 | 000,001,390 | ---- | M] () -- C:\Users\banan\AppData\Roaming\mozilla\firefox\profiles\v9mljk2y.default\searchplugins\yahoo-zugo.xml
[2012-12-10 11:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-12-10 11:25:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-12-10 11:25:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-09-01 14:06:29 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-05-21 14:49:21 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-09-01 14:06:29 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-09-01 14:06:29 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-09-01 14:06:29 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-09-26 17:40:29 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
[2012-11-19 15:12:21 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012-09-01 14:06:29 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-09-01 14:06:29 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome & ie={inputEncoding} & q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome & hl={language} & q={searchTerms}
CHR - homepage:
CHR - Extension: RewardsArcade = C:\Users\banan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.13.61_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\banan\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: DealPly = C:\Users\banan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: AVG Safe Search = C:\Users\banan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012-02-02 11:48:44 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [ROC_ROC_NT] " C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe " / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU " C:\Windows\TEMP\E_SF778.tmp " /EF " HKCU " File not found
O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [StartNow Search Protect] " C:\Program Files (x86)\StartNow Toolbar\search_protect.exe " /RELAY /REPORT /PROTECT File not found
O4 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8:[b]64bit:[/b] - Extra context menu item: E & ksport do programu Microsoft Excel - D:\word2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: E & ksport do programu Microsoft Excel - D:\word2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\word2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0_03-windows-i586.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F4638F3-A584-4401-B25D-E143B6FD495F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A563DCF-2386-4A1B-AB2A-BAA419059502}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000 Winlogon: Shell - (explorer.exe) - File not found
O20 - HKU\S-1-5-21-647423088-3887760420-1206326084-1000 Winlogon: Shell - (C:\Users\banan\AppData\Roaming\skype.dat) - C:\Users\banan\AppData\Roaming\skype.dat ()
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Users\banan\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\banan\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-07 13:57:27 | 000,021,020 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{3c9bd624-1a57-11e1-8032-0021862c769c}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9bd624-1a57-11e1-8032-0021862c769c}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e18cda6b-12cf-11e1-92d6-922b06da70af}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-12-15 08:59:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\banan\Desktop\OTL.exe
[2012-12-15 08:57:43 | 000,000,000 | ---D | C] -- C:\Users\banan\Desktop\Nowy folderrrrrr
[2012-12-13 15:17:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-12-12 18:52:38 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\Users\banan\Desktop\CCleaner v3.00.exe
[2012-12-11 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\banan\AppData\Roaming\Malwarebytes
[2012-12-11 21:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-12-11 21:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-12-11 21:26:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-12-11 21:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-12-11 21:24:55 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\banan\Desktop\mbam-setup-1.65.1.1000.exe
[2012-12-10 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Users\banan\AppData\Local\*.tmp files -> C:\Users\banan\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-12-15 08:57:13 | 001,470,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-12-15 08:57:13 | 000,661,818 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-12-15 08:57:13 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-12-15 08:57:13 | 000,126,702 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-12-15 08:57:13 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-12-15 08:43:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-15 08:41:01 | 000,000,004 | ---- | M] () -- C:\Users\banan\AppData\Roaming\skype.ini
[2012-12-15 08:40:50 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-15 08:40:27 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-15 08:40:27 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-14 16:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\banan\Desktop\OTL.exe
[2012-12-13 17:40:21 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-13 17:40:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6EAF3267-33F9-414F-8EDC-9DEC8F38E5AD}.job
[2012-12-12 18:24:42 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Users\banan\Desktop\CCleaner v3.00.exe
[2012-12-11 22:12:44 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-12-11 21:26:56 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-12-11 21:25:50 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\banan\Desktop\mbam-setup-1.65.1.1000.exe
[2012-12-11 11:48:54 | 000,086,614 | ---- | M] () -- C:\Users\banan\Desktop\Chronology of British Empire.pdf
[2012-12-11 10:39:17 | 000,915,568 | ---- | M] () -- C:\Users\banan\Desktop\The End of the First British Empire.pdf
[2 C:\Users\banan\AppData\Local\*.tmp files -> C:\Users\banan\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-13 17:07:17 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012-12-11 21:26:56 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-12-11 21:10:31 | 007,788,331 | ---- | C] () -- C:\Users\banan\Desktop\Nimo50Build9Beta1_[www.programosy.pl].exe
[2012-12-11 17:25:54 | 000,000,004 | ---- | C] () -- C:\Users\banan\AppData\Roaming\skype.ini
[2012-12-11 11:48:54 | 000,086,614 | ---- | C] () -- C:\Users\banan\Desktop\Chronology of British Empire.pdf
[2012-12-11 10:39:17 | 000,915,568 | ---- | C] () -- C:\Users\banan\Desktop\The End of the First British Empire.pdf
[2012-11-19 15:12:23 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012-05-15 16:45:57 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2012-05-15 16:35:11 | 000,000,235 | ---- | C] () -- C:\Windows\WININIT.INI
[2012-05-15 16:11:48 | 000,041,068 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
[2012-04-21 11:32:47 | 000,001,057 | ---- | C] () -- C:\Users\banan\AppData\Roaming\vso_ts_preview.xml
[2012-03-25 20:42:35 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-12-26 13:01:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-11-22 20:00:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-11-22 20:00:21 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-11-21 16:54:11 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011-11-21 16:53:58 | 000,001,024 | ---- | C] () -- C:\Users\banan\.rnd
[2011-11-21 15:42:11 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
[2011-11-20 17:59:10 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-11-20 17:59:10 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011-11-20 10:43:07 | 000,138,240 | ---- | C] () -- C:\Users\banan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-20 10:13:09 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011-11-20 10:13:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011-11-20 10:13:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011-11-20 10:13:09 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011-11-20 10:13:09 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011-11-20 10:13:09 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011-11-20 10:13:09 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011-11-20 10:13:09 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011-11-20 10:13:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011-11-20 10:13:09 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011-11-20 10:13:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011-11-20 10:13:09 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011-11-20 10:13:09 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011-11-20 10:13:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011-11-20 10:13:09 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011-11-20 10:13:09 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011-11-20 10:13:09 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011-11-20 10:13:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011-11-20 10:13:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011-11-20 10:11:19 | 000,000,026 | ---- | C] () -- C:\Windows\CDE SX400EXPORT.ini
[2011-11-20 10:06:14 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-11-20 09:37:59 | 000,000,680 | ---- | C] () -- C:\Users\banan\AppData\Local\d3d9caps.dat
[2011-11-19 17:58:40 | 000,000,615 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011-11-19 17:49:31 | 000,000,732 | ---- | C] () -- C:\Users\banan\AppData\Local\d3d9caps64.dat
[2011-10-13 12:04:02 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011-10-13 12:04:02 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011-10-13 12:04:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009-04-11 17:24:51 | 000,065,024 | ---- | C] () -- C:\Users\banan\AppData\Roaming\skype.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006-11-02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-04-11 17:24:36 | 012,897,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-04-11 17:24:57 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-04-11 17:23:49 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 17:24:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008-01-21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-09-29 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\Ashampoo
[2011-12-05 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\Babylon
[2012-02-03 15:15:45 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\DAEMON Tools Pro
[2011-11-20 10:00:49 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\DeepBurner
[2012-05-21 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\DMCache
[2012-04-23 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\EPSON
[2012-05-21 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\SkyMonk
[2012-03-25 20:15:52 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\SumatraPDF
[2011-12-03 19:23:11 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\SzybszyPC
[2012-05-03 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\Thinstall
[2012-05-19 12:26:07 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\TuneUp Software
[2012-09-29 09:26:25 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\Vso
[2012-05-24 15:41:12 | 000,000,000 | ---D | M] -- C:\Users\banan\AppData\Roaming\WildPackets

[color=#E56717]========== Purity Check ==========[/color]



< End of report >