OTL logfile created on: 2012-10-26 09:03:16 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Rafal\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1023,48 Mb Total Physical Memory | 679,80 Mb Available Physical Memory | 66,42% Memory free
3,38 Gb Paging File | 3,15 Gb Available in Paging File | 93,30% Paging File free
Paging file location(s): C:\pagefile.sys 2536 4072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 81,80 Gb Free Space | 73,18% Space Free | Partition Type: NTFS
 
Computer Name: PANDORA2 | User Name: Rafal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012-10-25 22:41:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafal\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-06-26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012-06-11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012-06-11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012-06-11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\services.exe
PRC - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\lsass.exe
PRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012-06-26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012-06-26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012-06-26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012-06-26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012-06-26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012-06-26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012-02-17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012-02-10 06:10:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\winlogon.exe
MOD - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\services.exe
MOD - [2011-09-02 19:17:08 | 000,044,417 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\lsass.exe
MOD - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-10-20 08:34:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-06-11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2011-08-30 11:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-11-19 15:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2009-11-19 15:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2009-11-19 15:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009-11-19 15:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2009-11-19 15:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2009-11-19 15:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009-11-19 15:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009-11-18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2004-12-06 18:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.pl/0,0.html?sc=1
IE - HKCU\..\SearchScopes,DefaultScope = {CB4D6F64-54A2-4672-B91D-D776B01AF5A1}
IE - HKCU\..\SearchScopes\{036A9F2D-7421-4495-918E-126F8BBD7883}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5FADAA45-C5FB-4F5C-B8D7-F2E1B510C7CA}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CB4D6F64-54A2-4672-B91D-D776B01AF5A1}: "URL" = http://szukaj.gazeta.pl/portalSearch.do?s.si(navigation).navigationEnabled=true&s.sm.query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.wp.pl/"
FF - prefs.js..extensions.enabledAddons: IplextoALL@ALLPlayer.org:0.7.0
FF - prefs.js..extensions.enabledAddons: SignPlugin@pekao.pl:1.3.0.84
FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=a33a8d6e-760e-11e1-8b9d-000b6a8ae885&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-20 08:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2012-05-26 19:23:15 | 000,000,000 | ---D | M]
 
[2012-03-03 13:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Extensions
[2012-06-29 17:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\odfp9sel.default\extensions
[2012-06-29 17:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\extensions
[2012-06-29 17:18:54 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\extensions\IplextoALL@ALLPlayer.org
[2012-06-29 17:18:53 | 000,000,000 | ---D | M] (PEKAO S.A. Sign Plugin) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\extensions\SignPlugin@pekao.pl
[2012-05-26 01:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default mnmnmn\extensions
[2011-09-27 17:51:16 | 000,010,043 | ---- | M] () (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\extensions\IplextoALL@ALLPlayer.org.xpi
[2011-08-18 19:03:37 | 000,090,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2012-03-25 02:09:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rafal\Dane aplikacji\Mozilla\Firefox\Profiles\odfp9sel.default\searchplugins\startsear.xml
[2012-10-20 08:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-20 08:34:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-06 08:07:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-06 08:07:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-06 08:07:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-06 08:07:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-06 08:07:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-06 08:07:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2012-10-24 18:05:54 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts:             <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts:             <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts:             <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> 
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> 
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts:  .services {  font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web  {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts:  <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts:     <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\RakyatKelaparan.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Tok-Cirrhatus]  File not found
O4 - HKCU..\Run: [Tok-Cirrhatus-2256] C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\br5535on.exe ()
O4 - Startup: C:\Documents and Settings\Rafal\Menu Start\Programy\Autostart\Empty.pif ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F57FC78-F4C1-4A65-A789-83A4309869F0}: NameServer = 213.134.128.19,213.134.128.20
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-10-26 09:01:45 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5142efb8-c28d-11e1-8008-001485311e54}\Shell - "" = AutoRun
O33 - MountPoints2\{5142efb8-c28d-11e1-8008-001485311e54}\Shell\AutoRun\command - "" = D:\MicroLauncher.exe
O33 - MountPoints2\{78ba5080-b856-11e1-8006-001485311e54}\Shell - "" = AutoRun
O33 - MountPoints2\{78ba5080-b856-11e1-8006-001485311e54}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{f01b767d-a747-11e1-8002-001485311e54}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{f01b7684-a747-11e1-8002-001485311e54}\Shell - "" = Autorun
O33 - MountPoints2\{f01b7684-a747-11e1-8002-001485311e54}\Shell\AutoRun\command - "" = D:\Install_Nokia_Ovi_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-10-26 08:58:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-10-26 08:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Pulpit\Trudna sprawa Brontok.A - Fixitpc.pl_pliki
[2012-10-26 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-26
[2012-10-25 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Dane aplikacji\NVIDIA
[2012-10-25 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-25
[2012-10-24 16:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2012-10-24 16:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2012-10-24 16:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2012-10-20 08:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-06-17 11:24:32 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe2E8D.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-10-26 09:01:45 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012-10-26 09:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-26 08:51:32 | 000,087,073 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\Trudna sprawa Brontok.A - Fixitpc.pl.htm
[2012-10-26 08:16:24 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2012-10-25 18:51:14 | 001,194,485 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\ISO1_DVD.nri
[2012-10-25 18:37:45 | 000,290,988 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\Report.htm
[2012-10-25 16:59:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-24 18:05:54 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2012-10-24 18:05:54 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-10-24 17:22:34 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\sssss1111.bmp
[2012-10-24 17:22:13 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\sssss.bmp
[2012-10-23 22:28:48 | 000,292,716 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-10-23 22:28:48 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-10-22 21:20:35 | 000,292,716 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-10-20 13:33:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-10-20 13:33:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-10-10 19:46:13 | 000,008,936 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-10-08 19:29:15 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Rafal\Pulpit\Skrót do mirc.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-10-26 08:51:32 | 000,087,073 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Trudna sprawa Brontok.A - Fixitpc.pl.htm
[2012-10-26 08:16:24 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2012-10-25 18:54:18 | 000,632,785 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Zdjęcie013.jpg
[2012-10-25 18:51:12 | 001,194,485 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\ISO1_DVD.nri
[2012-10-25 18:37:45 | 000,290,988 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Report.htm
[2012-10-24 17:22:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\sssss1111.bmp
[2012-10-24 17:22:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\sssss.bmp
[2012-10-08 19:29:15 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Skrót do mirc.lnk
[2012-10-06 10:39:39 | 001,224,852 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Stacja metra Płocka (dawniej Wolska) - zdjęcie2.mht
[2012-09-30 17:44:24 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Wylew krwi do mózgu - I Ty możesz komuś pomóc.url
[2012-09-30 17:44:24 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Rafal\Pulpit\Zawał serca.url
[2012-07-14 12:39:07 | 000,045,940 | ---- | C] () -- C:\WINDOWS\php.ini
[2012-07-14 12:39:07 | 000,000,486 | ---- | C] () -- C:\WINDOWS\my.ini
[2012-05-15 23:18:20 | 000,008,936 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012-04-06 16:14:46 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-23 21:23:24 | 000,292,716 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-02-23 21:23:24 | 000,292,716 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-02-23 21:23:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-02-23 21:23:12 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-02-23 18:44:06 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-02-23 18:43:02 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-23 18:06:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-02-23 18:01:42 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-09-03 12:51:03 | 000,044,417 | -H-- | C] () -- C:\WINDOWS\KesenjanganSosial.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\smss.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\services.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\WINDOWS\System32\cmd-brontok.exe
[2011-09-03 12:51:03 | 000,044,417 | ---- | C] () -- C:\Documents and Settings\Rafal\Ustawienia lokalne\Dane aplikacji\br5535on.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2012-06-17 11:14:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008-04-14 22:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >