OTL logfile created on: 7/9/2012 5:09:03 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\woras\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.86 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 83.32% Memory free 7.73 Gb Paging File | 7.11 Gb Available in Paging File | 92.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 179.00 Gb Total Space | 80.91 Gb Free Space | 45.20% Space Free | Partition Type: NTFS Drive D: | 397.92 Gb Total Space | 397.81 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Drive H: | 465.76 Gb Total Space | 276.93 Gb Free Space | 59.46% Space Free | Partition Type: NTFS Computer Name: WORAS-KOMPUTER | User Name: woras | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/07/09 17:07:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\woras\Desktop\OTL.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:[b]64bit:[/b] - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:[b]64bit:[/b] - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:[b]64bit:[/b] - [2011/03/08 09:30:57 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010/07/21 14:46:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2010/04/16 17:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/05 17:55:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/12/04 12:55:19 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/06/01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/04 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/02/04 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/12/28 22:41:52 | 000,207,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/03/06 20:47:55 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010/12/04 12:59:38 | 000,036,904 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rockey4.sys -- (ROCKEYNT) DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010/07/29 02:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2010/07/20 08:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2010/07/20 08:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2010/07/20 08:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2010/07/14 01:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:[b]64bit:[/b] - [2010/07/08 10:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2010/04/27 19:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2010/04/27 19:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/04/16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2010/03/10 04:48:30 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2010/03/02 09:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:[b]64bit:[/b] - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2009/08/07 03:35:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:[b]64bit:[/b] - [2009/07/24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:[b]64bit:[/b] - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:[b]64bit:[/b] - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2010/10/14 08:09:47 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2010/02/24 04:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/11 12:19:10] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idd/idd_1335301844_943252 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={91DE6D63-8D96-11E1-AF92-002454D20F87} IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\tbNCH_.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={91DE6D63-8D96-11E1-AF92-002454D20F87} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idd/idd_1335301844_943252 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={91DE6D63-8D96-11E1-AF92-002454D20F87} IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\tbNCH_.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{35B7BC21-38AD-4D33-BECB-96232298114E}: "URL" = http://www.nasza-klasa.pl/szukaj/profile?q={searchTerms} IE - HKCU\..\SearchScopes\{5D323A27-E309-4019-A0D3-EE3D73F3D709}: "URL" = http://www.allegro.pl/search.php?sg=0&string={searchTerms} IE - HKCU\..\SearchScopes\{84932BA2-B48E-4F50-991C-C02B6DF4357D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CPUID&o=14654&src=crm&q={searchTerms}&locale=&apn_ptnrs=CV&apn_dtid=YYYYYYYYPL&apn_uid=6cabc78b-7940-4f81-8d61-ebb330b75e61&apn_sauid=5D161705-404C-4C0D-9008-89FC39ECD44F IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={91DE6D63-8D96-11E1-AF92-002454D20F87} IE - HKCU\..\SearchScopes\{F09D0B5A-A928-4662-AD4B-7C20E31C8FD0}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "SweetIM Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010000&st=12&barid={91DE6D63-8D96-11E1-AF92-002454D20F87}" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.6.0.10 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14656" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/22 16:23:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 17:55:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/22 16:24:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 17:55:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/22 16:24:04 | 000,000,000 | ---D | M] [2010/11/23 14:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woras\AppData\Roaming\mozilla\Extensions [2012/06/08 15:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions [2012/05/30 14:08:58 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2012/06/06 13:10:54 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2011/06/23 13:04:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions\DTToolbar@toolbarnet.com [2012/01/30 17:29:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions\engine@conduit.com [2012/06/08 15:17:44 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\woras\AppData\Roaming\mozilla\Firefox\Profiles\q6dv2aiv.default\extensions\toolbar@ask.com [2012/06/08 15:17:44 | 000,002,325 | ---- | M] () -- C:\Users\woras\AppData\Roaming\Mozilla\Firefox\Profiles\q6dv2aiv.default\searchplugins\askcom.xml [2010/12/30 18:20:12 | 000,000,915 | ---- | M] () -- C:\Users\woras\AppData\Roaming\Mozilla\Firefox\Profiles\q6dv2aiv.default\searchplugins\conduit.xml [2011/03/06 20:48:59 | 000,002,055 | ---- | M] () -- C:\Users\woras\AppData\Roaming\Mozilla\Firefox\Profiles\q6dv2aiv.default\searchplugins\daemon-search.xml [2012/07/09 17:01:41 | 000,003,992 | ---- | M] () -- C:\Users\woras\AppData\Roaming\Mozilla\Firefox\Profiles\q6dv2aiv.default\searchplugins\sweetim.xml [2011/11/10 14:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/05 17:55:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/12/13 15:34:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/09/16 12:26:02 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2012/06/22 16:23:47 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2011/09/23 03:36:11 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2011/09/23 03:36:11 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2011/09/23 03:36:11 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2011/09/23 03:36:11 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012/04/24 23:10:44 | 000,002,415 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2011/09/23 03:36:11 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2011/09/23 03:36:11 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\woras\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Users\woras\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\woras\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Gmail = C:\Users\woras\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\tbNCH_.dll (Conduit Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\tbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\tbNCH_.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [sppcomapi] C:\Users\woras\AppData\Local\Microsoft\Windows\3177\sppcomapi.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B32254F-25C7-4E06-AB79-5A453ADF62C8}: DhcpNameServer = 194.204.159.1 194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DDC3AF-B2CE-4AC0-AC0C-36F572B9502A}: NameServer = 89.108.202.21 89.108.195.21 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{16fc2035-f674-11e0-ad14-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{16fc2035-f674-11e0-ad14-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{17fffe4b-f3a7-11df-8818-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{17fffe4b-f3a7-11df-8818-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{17fffe5f-f3a7-11df-8818-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{17fffe5f-f3a7-11df-8818-001bb162529a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1a949cf9-5ec8-11e0-b17a-9c777810fe65}\Shell - "" = AutoRun O33 - MountPoints2\{1a949cf9-5ec8-11e0-b17a-9c777810fe65}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{46df18d5-62eb-11e1-afc9-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{46df18d5-62eb-11e1-afc9-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{46df18ec-62eb-11e1-afc9-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{46df18ec-62eb-11e1-afc9-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{82f5b720-4822-11e0-80ad-902f6ae3770b}\Shell - "" = AutoRun O33 - MountPoints2\{82f5b720-4822-11e0-80ad-902f6ae3770b}\Shell\AutoRun\command - "" = I:\Setup.exe O33 - MountPoints2\{8cece17c-f338-11df-abdc-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{8cece17c-f338-11df-abdc-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8cece18a-f338-11df-abdc-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{8cece18a-f338-11df-abdc-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a74bceab-0058-11e0-9de4-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{a74bceab-0058-11e0-9de4-002454d20f87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a74bceb6-0058-11e0-9de4-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{a74bceb6-0058-11e0-9de4-002454d20f87}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c979b638-a12b-11e1-bc9e-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{c979b638-a12b-11e1-bc9e-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cd2dc46f-5b96-11e1-b1b3-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{cd2dc46f-5b96-11e1-b1b3-001bb162529a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{cedbdeea-f6fb-11df-842f-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{cedbdeea-f6fb-11df-842f-002454d20f87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cedbdeed-f6fb-11df-842f-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{cedbdeed-f6fb-11df-842f-002454d20f87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d1300517-451b-11e1-8171-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{d1300517-451b-11e1-8171-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d130052c-451b-11e1-8171-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{d130052c-451b-11e1-8171-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d154ab66-ad5d-11e1-afe8-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{d154ab66-ad5d-11e1-afe8-002454d20f87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e2102122-ffdc-11df-a15a-002454d20f87}\Shell - "" = AutoRun O33 - MountPoints2\{e2102122-ffdc-11df-a15a-002454d20f87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ec6109b8-51cf-11e1-afc9-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{ec6109b8-51cf-11e1-afc9-001bb162529a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ec6109d2-51cf-11e1-afc9-001bb162529a}\Shell - "" = AutoRun O33 - MountPoints2\{ec6109d2-51cf-11e1-afc9-001bb162529a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ede8bb9d-613b-11e0-9c5b-a3379e8c1e10}\Shell - "" = AutoRun O33 - MountPoints2\{ede8bb9d-613b-11e0-9c5b-a3379e8c1e10}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/09 17:08:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\woras\Desktop\OTL.exe [2012/07/09 17:01:25 | 000,296,792 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\woras\Desktop\SweetImSetup(2).exe [2012/07/09 13:45:16 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012/07/09 13:41:47 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Roaming\hellomoto [2012/07/09 13:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858860001EE9423FBBA44B4EB2367 [2012/06/25 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\buty roz 42 [2012/06/24 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\ALLEGRO ! [2012/06/23 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\Muzyka - Lumia [2012/06/23 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\Obrazy - Lumia [2012/06/23 01:10:17 | 000,000,000 | R--D | C] -- C:\Users\woras\Podcasts [2012/06/23 01:10:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012/06/23 01:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune [2012/06/23 01:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zune [2012/06/23 00:08:40 | 105,664,248 | ---- | C] (Microsoft Corporation) -- C:\Users\woras\Desktop\ZuneSetupPkg.exe [2012/06/22 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\Real [2012/06/22 16:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/06/22 16:23:49 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012/06/22 16:23:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012/06/22 16:23:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012/06/22 16:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012/06/22 16:23:42 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/06/22 16:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012/06/22 16:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012/06/22 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Roaming\Real [2012/06/22 16:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/22 16:02:19 | 000,690,496 | ---- | C] (RealNetworks, Inc.) -- C:\Users\woras\Desktop\RealPlayer.exe [2012/06/21 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\Ogłoszenie PROJEKTANT [2012/06/19 09:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012/06/19 09:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/06/19 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\Google [2012/06/19 09:17:45 | 000,739,832 | ---- | C] (Google Inc.) -- C:\Users\woras\Documents\GoogleEarthPluginSetup.exe [2012/06/19 08:42:25 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/19 08:42:25 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/19 08:42:25 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/19 08:42:08 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/06/19 08:42:08 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/06/19 08:42:08 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/06/19 08:41:51 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/19 08:41:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/17 23:38:17 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\woras\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe [2012/06/13 13:25:36 | 000,000,000 | ---D | C] -- C:\Users\woras\Desktop\Ogłoszenia TYNKI [2012/06/13 13:01:31 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{A4C1D98C-BE75-4E38-8E27-4DC21550804E} [2012/06/13 13:01:27 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{01462CD5-ABD3-49A4-A166-845AD79420DA} [2012/06/13 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{068CA637-D4BE-4403-8A19-EC5E02B89308} [2012/06/13 11:13:46 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{5E744B4B-BCFF-40F4-9CBE-D7F7195BB6C1} [2012/06/13 09:03:15 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/06/13 09:03:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/13 09:03:12 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/13 09:03:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/13 09:03:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/06/13 09:03:09 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/13 09:03:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/13 09:01:28 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/13 09:01:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/13 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{0F6C8543-87A5-4096-8098-406B221E1698} [2012/06/13 08:56:55 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{0E3B5AF9-13F1-4FF0-B47C-19C36D18A5CC} [2012/06/13 08:56:44 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Local\{6BA95F76-C34C-423C-89DD-4EFC4BB7696D} [2012/06/13 08:56:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/13 08:56:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/13 08:56:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/06/13 08:55:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/13 08:55:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/13 08:55:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/13 08:53:44 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/06/13 08:53:37 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/06/13 08:53:36 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/06/12 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\woras\Documents\wille nad morzem [2012/06/12 13:46:52 | 000,000,000 | ---D | C] -- C:\Users\woras\Documents\buty DOROTY [2012/06/11 12:37:45 | 000,000,000 | ---D | C] -- C:\Users\woras\AppData\Roaming\Skype [2012/06/11 12:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/06/11 12:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/06/11 12:37:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/09 17:07:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\woras\Desktop\OTL.exe [2012/07/09 17:03:46 | 001,551,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/09 17:03:46 | 000,698,348 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012/07/09 17:03:46 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/09 17:03:46 | 000,135,200 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012/07/09 17:03:46 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/09 17:02:38 | 000,001,948 | ---- | M] () -- C:\Users\woras\Desktop\Continue SweetIM Installation.lnk [2012/07/09 16:59:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/07/09 16:58:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/09 16:58:47 | 4148,592,640 | -HS- | M] () -- C:\hiberfil.sys [2012/07/09 16:57:03 | 000,296,792 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\woras\Desktop\SweetImSetup(2).exe [2012/07/09 16:22:10 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/09 16:08:21 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/09 15:55:12 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/09 15:55:12 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/09 13:48:33 | 000,012,146 | ---- | M] () -- C:\Users\woras\Desktop\AVGIDSAgent [2012/07/09 13:45:16 | 000,001,094 | ---- | M] () -- C:\Users\woras\Desktop\Live Security Platinum.lnk [2012/07/06 23:02:00 | 000,038,443 | ---- | M] () -- C:\Users\woras\Documents\moj-styl-wychodne.jpg [2012/07/04 10:37:21 | 000,939,668 | ---- | M] () -- C:\Users\woras\Desktop\Rys. Tube Nozzle pdf stare.zip [2012/07/03 11:21:01 | 000,011,954 | ---- | M] () -- C:\Users\woras\.recently-used.xbel [2012/07/03 10:11:37 | 001,293,430 | ---- | M] () -- C:\Users\woras\Desktop\RYSUNKI TUBE NOZZLE - ESSEL PROPACK POLSKA!!!.dwg [2012/07/03 10:05:10 | 000,939,668 | ---- | M] () -- C:\Users\woras\Desktop\Rys. Tube Nozzle pdf.zip [2012/07/01 13:52:55 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/07/01 09:43:21 | 000,073,579 | ---- | M] () -- C:\Users\woras\Documents\cubus-mietowy-z-falbankami.jpg [2012/06/30 09:31:28 | 000,243,068 | ---- | M] () -- C:\Users\woras\Documents\CV Grzegorz Worobiej !.pdf [2012/06/29 22:19:38 | 000,047,561 | ---- | M] () -- C:\Users\woras\Desktop\drzwi.jpg [2012/06/29 09:13:07 | 000,000,000 | ---- | M] () -- C:\Users\woras\Documents\Nuance Image Printer Writer Port [2012/06/28 12:34:28 | 000,116,595 | ---- | M] () -- C:\Users\woras\Documents\przelew mecz stali gorzów na 01.07.2012.pdf [2012/06/26 12:59:35 | 000,210,969 | ---- | M] () -- C:\Users\woras\Documents\bogusławskiego 4 pietra.jpg [2012/06/25 14:57:20 | 003,781,137 | ---- | M] () -- C:\Users\woras\Desktop\buty roz 42.zip [2012/06/23 01:18:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2012/06/23 01:18:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012/06/23 01:08:13 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2012/06/23 01:06:49 | 105,664,248 | ---- | M] (Microsoft Corporation) -- C:\Users\woras\Desktop\ZuneSetupPkg.exe [2012/06/22 16:24:02 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk [2012/06/22 16:24:02 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/06/22 16:23:49 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012/06/22 16:23:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012/06/22 16:23:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012/06/22 16:23:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/06/22 16:02:42 | 000,690,496 | ---- | M] (RealNetworks, Inc.) -- C:\Users\woras\Desktop\RealPlayer.exe [2012/06/22 12:34:25 | 000,242,352 | ---- | M] () -- C:\Users\woras\Desktop\CV Grzegorz Worobiej !.pdf [2012/06/19 09:17:46 | 000,739,832 | ---- | M] (Google Inc.) -- C:\Users\woras\Documents\GoogleEarthPluginSetup.exe [2012/06/17 23:38:25 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\woras\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe [2012/06/14 11:11:25 | 000,116,366 | ---- | M] () -- C:\Users\woras\Documents\przelew za żużel stal-gdańsk.pdf [2012/06/13 23:12:09 | 000,401,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 13:17:30 | 000,242,108 | ---- | M] () -- C:\Users\woras\Desktop\CV Grzegorz Worobiej.pdf [2012/06/12 15:27:15 | 000,264,480 | ---- | M] () -- C:\Users\woras\Documents\45J PRZYKŁAD.dwg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/09 17:01:31 | 000,001,948 | ---- | C] () -- C:\Users\woras\Desktop\Continue SweetIM Installation.lnk [2012/07/09 13:48:32 | 000,012,146 | ---- | C] () -- C:\Users\woras\Desktop\AVGIDSAgent [2012/07/09 13:45:16 | 000,001,094 | ---- | C] () -- C:\Users\woras\Desktop\Live Security Platinum.lnk [2012/07/06 23:01:45 | 000,038,443 | ---- | C] () -- C:\Users\woras\Documents\moj-styl-wychodne.jpg [2012/07/04 10:36:44 | 000,939,668 | ---- | C] () -- C:\Users\woras\Desktop\Rys. Tube Nozzle pdf stare.zip [2012/07/03 11:21:01 | 000,011,954 | ---- | C] () -- C:\Users\woras\.recently-used.xbel [2012/07/03 10:10:50 | 001,293,430 | ---- | C] () -- C:\Users\woras\Desktop\RYSUNKI TUBE NOZZLE - ESSEL PROPACK POLSKA!!!.dwg [2012/07/03 10:05:03 | 000,939,668 | ---- | C] () -- C:\Users\woras\Desktop\Rys. Tube Nozzle pdf.zip [2012/07/01 09:43:03 | 000,073,579 | ---- | C] () -- C:\Users\woras\Documents\cubus-mietowy-z-falbankami.jpg [2012/06/29 22:19:37 | 000,047,561 | ---- | C] () -- C:\Users\woras\Desktop\drzwi.jpg [2012/06/28 12:34:27 | 000,116,595 | ---- | C] () -- C:\Users\woras\Documents\przelew mecz stali gorzów na 01.07.2012.pdf [2012/06/26 12:59:35 | 000,210,969 | ---- | C] () -- C:\Users\woras\Documents\bogusławskiego 4 pietra.jpg [2012/06/25 14:57:20 | 003,781,137 | ---- | C] () -- C:\Users\woras\Desktop\buty roz 42.zip [2012/06/23 01:18:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2012/06/23 01:18:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012/06/23 01:08:13 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2012/06/22 16:24:02 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk [2012/06/22 16:24:02 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/06/22 16:23:14 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/06/22 12:34:52 | 000,243,068 | ---- | C] () -- C:\Users\woras\Documents\CV Grzegorz Worobiej !.pdf [2012/06/22 12:31:19 | 000,242,352 | ---- | C] () -- C:\Users\woras\Desktop\CV Grzegorz Worobiej !.pdf [2012/06/19 09:17:55 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/19 09:17:54 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/14 11:11:24 | 000,116,366 | ---- | C] () -- C:\Users\woras\Documents\przelew za żużel stal-gdańsk.pdf [2012/06/13 13:11:22 | 000,242,108 | ---- | C] () -- C:\Users\woras\Desktop\CV Grzegorz Worobiej.pdf [2012/06/12 15:27:13 | 000,264,480 | ---- | C] () -- C:\Users\woras\Documents\45J PRZYKŁAD.dwg [2012/06/12 14:08:21 | 000,104,304 | ---- | C] () -- C:\Users\woras\Documents\Kinga Gintowt - LM.pdf [2012/06/12 14:04:29 | 000,562,135 | ---- | C] () -- C:\Users\woras\Documents\rozkład jazdy mzk gorzów.jpg [2011/11/03 14:28:32 | 000,000,230 | ---- | C] () -- C:\Users\woras\.gtk-bookmarks [2011/04/08 19:15:02 | 000,007,605 | ---- | C] () -- C:\Users\woras\AppData\Local\Resmon.ResmonCfg [2011/01/09 00:03:49 | 000,036,864 | ---- | C] () -- C:\Windows\StmClean.exe [2010/12/20 21:30:57 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010/12/20 21:30:57 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini [2010/12/20 21:30:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2010/12/20 21:30:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2010/12/20 21:30:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010/12/20 21:26:43 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini [2010/12/20 21:23:53 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/12/20 21:23:53 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010/11/29 12:41:06 | 001,576,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/18 19:31:00 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe [2010/11/18 19:30:05 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2010/11/18 19:29:53 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2010/09/11 06:07:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2010/09/11 05:34:41 | 000,001,064 | ---- | C] () -- C:\Windows\HotFixList.ini < End of report >