OTL logfile created on: 2012-12-26 16:52:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 59,58% Memory free 7,00 Gb Paging File | 5,45 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = d:\Program Files Drive C: | 97,66 Gb Total Space | 43,22 Gb Free Space | 44,26% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 142,17 Gb Free Space | 38,62% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-12-26 11:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(2).exe PRC - [2012-12-12 15:10:50 | 003,688,584 | ---- | M] (GG Network S.A.) -- C:\Users\user\AppData\Local\GG\Application\ggdrive\ggdrive.exe PRC - [2012-12-12 15:10:48 | 003,377,288 | ---- | M] (GG Network S.A.) -- C:\Users\user\AppData\Local\GG\Application\gghub.exe PRC - [2012-12-12 15:10:48 | 000,153,736 | ---- | M] (GG Network S.A.) -- C:\Users\user\AppData\Local\GG\Application\ggapp.exe PRC - [2012-12-11 22:14:27 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012-12-05 18:59:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-11-08 16:43:09 | 000,997,320 | ---- | M] () -- D:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-11-08 16:43:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- d:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-10-02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- d:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012-10-02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- d:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- d:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012-09-02 12:21:22 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- D:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012-08-15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- D:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-01-17 18:50:30 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 18:50:30 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011-01-12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2011-01-12 15:41:24 | 002,219,184 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2010-04-22 21:37:16 | 002,285,637 | ---- | M] (Informer Technologies, Inc.) -- D:\Program Files\Software Informer\softinfo.exe PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-12 15:10:50 | 009,816,192 | ---- | M] () -- C:\Users\user\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2012-12-12 15:10:50 | 000,135,168 | ---- | M] () -- C:\Users\user\AppData\Local\GG\Application\ggdrive\zlib1.dll MOD - [2012-12-12 15:10:48 | 001,945,600 | ---- | M] () -- C:\Users\user\AppData\Local\GG\Application\xulrunner\mozjs.dll MOD - [2012-12-11 22:14:26 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012-12-05 18:59:03 | 002,397,152 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-11-08 16:43:09 | 000,997,320 | ---- | M] () -- D:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-11-08 16:43:09 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012-11-08 16:43:09 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2011-08-26 16:08:35 | 000,985,088 | ---- | M] () -- D:\Program Files\OpenOffice.org 3\program\libxml2.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012-12-11 22:14:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-05 18:59:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- d:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-11-08 16:43:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- d:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- d:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012-07-03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-08-24 05:22:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011-01-12 15:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2011-01-12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at7juxdr) DRV - [2012-11-08 16:43:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-12-21 21:19:35 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011-08-17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-07-08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010-12-21 14:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010-12-21 14:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-12-21 12:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-03-22 17:29:08 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2010-03-04 17:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2004-08-13 17:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=tti&from=tti&uid=SAMSUNG_HD502IJ_S13TJ90S605957&ts=1352052063 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=tti&from=tti&uid=SAMSUNG_HD502IJ_S13TJ90S605957&ts=1352052063 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyCtByC0DtDyEyB0Azz0CtN0D0Tzu0CtBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=507572247 IE - HKLM\..\SearchScopes\{5E861E9E-E2C8-BDA6-1E9F-2DE007B5A60A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=tti&from=tti&uid=SAMSUNG_HD502IJ_S13TJ90S605957&ts=1352052063 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={0132A0C5-0918-43B1-9EE6-1E5830ED8117}&mid=c5e61a05a98c44b6a6521d07de697361-3a20f7e26cdb86274eb21d36bdf1990853d85b4b&lang=pl&ds=ax011&pr=&d=2012-09-22 23:09:36&v=13.2.0.5&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.pl/ IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyCtByC0DtDyEyB0Azz0CtN0D0Tzu0CtBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=507572247 IE - HKCU\..\SearchScopes\{4FE234A4-6549-47DD-B737-9E8D70895332}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKCU\..\SearchScopes\{5E861E9E-E2C8-BDA6-1E9F-2DE007B5A60A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0132A0C5-0918-43B1-9EE6-1E5830ED8117}&mid=c5e61a05a98c44b6a6521d07de697361-3a20f7e26cdb86274eb21d36bdf1990853d85b4b&lang=pl&ds=ax011&pr=&d=2012-09-22 23:09:36&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=137" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: d:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: d:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: d:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012-11-08 16:43:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-16 21:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012-12-22 16:05:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012-12-22 16:05:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-26 06:45:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ff@mozilla.com: C:\Users\user\AppData\Roaming\ff@mozilla.com [2012-04-15 12:35:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-16 21:04:40 | 000,000,000 | ---D | M] [2012-09-22 16:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012-11-22 06:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\598i7uga.default-1348076998804\extensions [2012-09-22 16:04:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\598i7uga.default-1348076998804\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-11-22 06:16:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\598i7uga.default-1348076998804\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-11-04 19:01:16 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\598i7uga.default-1348076998804\extensions\addon@freecorder.com [2012-09-22 16:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ijnamsty.default-1347657731678\extensions [2012-09-22 16:04:20 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ijnamsty.default-1347657731678\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-12-05 18:58:56 | 000,000,000 | ---D | M] (No name found) -- d:\Program Files\Mozilla Firefox\extensions [2012-12-05 18:58:56 | 000,000,000 | ---D | M] (Java Console) -- d:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-05 18:59:04 | 000,262,112 | ---- | M] (Mozilla Foundation) -- d:\Program Files\mozilla firefox\components\browsercomps.dll [2011-07-11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- d:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-02-19 11:26:54 | 000,002,767 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-11-08 16:43:29 | 000,003,572 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-02-19 11:26:54 | 000,001,406 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-19 11:26:54 | 000,000,917 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-19 11:26:54 | 000,000,858 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-09-22 16:04:15 | 000,002,519 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-02-19 11:26:54 | 000,001,183 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-19 11:26:54 | 000,001,683 | ---- | M] () -- d:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: {_signature:QoafFaHCvvTsTAXgfqknDY60Pa9IfVbjyDEjdS4eHfw=,_version:4,extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,bbjciahceamgodcoidkjpchnokgfpphh,blpcfgokakmgnkcojhhkbfbldkacnbeo,cjpglkicenollcignonpgiafdgfeehoj,coobgpohoikkiipiblmjeljniedjpjpf,dekpaneicnbbfejfifbaddjjhknfahci,icmlaeflemplmjndnaapfdbbnpncnbda,jcdgjdiieiljkfkdcloehkohchhpekkn,pbiamblgmkgbcgbcgejjgebalncpmhnp,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:true,homepage_is_newtabpage:false,session:{restore_on_startup:4,urls_to_restore_on_startup:[https://isearch.avg.com/?cid={0132A0C5-0918-43B1-9EE6-1E5830ED8117}&mid=c5e61a05a98c44b6a6521d07de697361-3a20f7e26cdb86274eb21d36bdf1990853d85b4b&lang=pl&ds=ax011&pr=&d=2012-09-22 23:09:36&v=12.2.5.34&sap=hp]}},browser:{clear_lso_data_enabled:true,pepper_flash_settings_enabled:true,window_placement:{bottom:556,left:0,maximized:true,right:800,top:0,work_area_bottom:984,work_area_left:0,work_area_right:1280,work_area_top:0}},cloud_print:{email:},countryid_at_install:20556,default_apps_install_state:1,default_search_provider:{id:16,name:Search Results,search_url:http://dts.search-results.com/sr?src=crb&appid=418&systemid=406&sr=0&q={searchTerms}},distribution:{create_all_shortcuts:true,do_not_launch_chrome:true,import_bookmarks:false,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:false,ping_delay:-60,show_welcome_page:true,skip_first_run_ui:false},dns_prefetching:{host_referral_list:[2,[http://88.80.2.96/,[http://88.80.2.96/,3.578224796300703]],[http://ad-g.doubleclick.net/,[http://googleads.g.doubleclick.net/,0.4036084614441065,http://pagead2.googlesyndication.com/,0.7511591599742703]],[http://ad.adc-serv.net/,[http://ad.adc-serv.net/,1.078863054778890,http://ad.zanox.com/,3.01587410046770]],[http://allegro.pl/,[http://static.allegrostatic.pl/,0.1121079596793503]],[http://analytics.gazeta.pl/,[http://analytics.gazeta.pl/,1.143020157987104,http://www.google-analytics.com/,1.143020157987104]],[http://api.zumi.pl/,[http://www.zumi.pl/,2.744939569764930]],[http://besty.pl/,[http://ad.yieldmanager.com/,2.253575376373076,http://advice.hit.gemius.pl/,1.967674022654108,http://besty.pl/,5.398490267281792,http://content.yieldmanager.edgesuite.net/,1.967674022654108,http://cookex.amp.yahoo.com/,1.967674022654108,http://csi.gstatic.com/,1.967674022654108,http://diff3.smartadserver.com/,2.539476730092054,http://qnet.hit.gemius.pl/,1.967674022654108,http://static.ak.fbcdn.net/,2.825378083811022,http://www.google-analytics.com/,2.253575376373076]],[http://demotywatory.pl/,[http://advice.hit.gemius.pl/,1.857229544077406,http://demotywatory.pl/,1.857229544077406,http://pagead2.googlesyndication.com/,1.857229544077406,http://partner.googleadservices.com/,2.127083409456182,http://static.ak.fbcdn.net/,1.857229544077406,http://www.facebook.com/,3.206498870971254,http://www.google-analytics.com/,2.127083409456182,https://apis.google.com/,2.127083409456182,https://s-static.ak.fbcdn.net/,2.127083409456182,https://www.facebook.com/,2.127083409456182]],[http://facebook.pl/,[http://pl-pl.facebook.com/,1.953843432834860,http://www.facebook.com/,1.445014616369107]],[http://faceboook.pl/,[http://nagroda.co/,2.189416085407738]],[http://googleads.g.doubleclick.net/,[http://googleads.g.doubleclick.net/,0.08183217319031946,http://pagead2.googlesyndication.com/,0.7969094089411902]],[http://ipolisa.pl/,[http://ipolisa.pl/,0.09882897068718097]],[http://nagroda.co/,[http://88.80.2.96/,2.189416085407738]],[http://olsztyn.gazeta.pl/,[http://adsearch.adkontekst.pl/,1.967674022654108,http://analytics.gazeta.pl/,2.253575376373076,http://bi.gazeta.pl/,9.115207865628445,http://de.tynt.com/,1.967674022654108,http://ds.serving-sys.com/,1.967674022654108,http://ic.tynt.com/,1.967674022654108,http://olsztyn.gazeta.pl/,3.968983498686923,http://static.adtaily.pl/,3.397180791248978,http://www.facebook.com/,2.825378083811022,http://www.google-analytics.com/,2.825378083811022]],[http://otomoto.pl/,[http://galle.hit.gemius.pl/,1.911654343229138,http://gg.adocean.pl/,2.744939569764930,http://gg.hit.gemius.pl/,18.40431592279573,http://ggao.hit.gemius.pl/,3.793653862527747,http://ipolisa.pl/,4.880977200842653,http://otomoto.hit.gemius.pl/,3.793653862527747,http://photos02.otomoto.pl/,14.55519091629452,http://photos03.otomoto.pl/,10.66652652579420,http://static-img.otomoto.pl/,13.89686503353961,http://www.google-analytics.com/,4.626939089063539]],[http://pl-pl.facebook.com/,[http://sc.sweetim.com/,2.27338020,http://static.ak.fbcdn.net/,4.777083329775441]],[http://s.ytimg.com/,[http://i4.ytimg.com/,4.133748280657905,http://o-o.preferred.netia-ktw1.v18.lscache7.c.youtube.com/,3.888544984640822,http://o-o.preferred.netia-ktw1.v23.lscache2.c.youtube.com/,1.911654343229138,http://o-o.preferred.netia-ktw1.v3.lscache8.c.youtube.com/,4.016060467107570,http://o-o.preferred.netia-ktw1.v5.lscache4.c.youtube.com/,3.855986538479313,http://o-o.preferred.netia-ktw1.v7.lscache5.c.youtube.com/,3.022701311943521,http://s.youtube.com/,12.50061191532792,http://s.ytimg.com/,13.86546526108086,http://s0.2mdn.net/,5.420684931600194,http://www.youtube.com/,8.373261697167022]],[http://sc.sweetim.com/,[http://www.google-analytics.com/,2.60370040,http://www.sweetim.com/,2.27338020]],[http://search.searchcompletion.com/,[http://cdn1.predictad.com/,0.8090091894001149,http://cdn1.searchcompletion.com/,1.086770931578706,http://en.wikipedia.org/,1.911654343229138,http://feed-ads.com/,0.9265575331591112,http://geo.widdit.com/,0.8090091894001149,http://search.searchcompletion.com/,4.932770267418428,http://static.app.widdit.com/,0.8090091894001149,http://www.google-analytics.com/,1.364532673757307]],[http://soft.foxtab.com/,[http://static.apps.foxtab.com/,1.419140733698341,http://www.foxtab.com/,2.333716473987959,http://www.google-analytics.com/,1.156969607866914,http://www.googleadservices.com/,1.755354124018645]],[http://startpins.com/,[http://ajax.googleapis.com/,2.387589482583325,http://startpins.com/,8.142749205526755,http://stats.startpins.com/,2.387589482583325]],[http://startsear.ch/,[http://search.searchcompletion.com/,1.293203032834851,http://startpins.com/,2.993395769208946]],[http://static.ak.fbcdn.net/,[http://cfs-p4.l3.fbcdn.net/,1.967674022654108,http://video.ak.fbcdn.net/,1.967674022654108,http://video.l3.fbcdn.net/,1.967674022654108,http://vthumb.ak.fbcdn.net/,2.825378083811022,http://www.facebook.com/,3.968983498686923]],[http://tools.google.com/,[http://tools.google.com/,2.445443599663275,http://www.google-analytics.com/,1.703076792622632,http://www.google.com/,1.950532394969516]],[http://w159.wrzuta.pl/,[http://c.wrzuta.pl/,8.829306511909477,http://f.o2.pl/,1.967674022654108,http://gde-default.hit.gemius.pl/,2.253575376373076,http://my.adocean.pl/,2.825378083811022,http://spot.o2.pl/,1.967674022654108,http://tracking.quisma.com/,1.967674022654108,http://w159.wrzuta.pl/,2.253575376373076,http://www.facebook.com/,2.253575376373076,http://www.google-analytics.com/,2.253575376373076,http://www.wrzuta.pl/,8.829306511909477]],[http://www.avast.com/,[http://an.avast.com/,1.391427423195879,http://dnn506yrbagrg.cloudfront.net/,1.255616270450151,http://dw.com.com/,2.529573049611990,http://static.avast.com/,20.15446382183355,http://www.avast.com/,1.255616270450151,http://www.google-analytics.com/,2.169070543753617,http://www.youtube.com/,2.529573049611990]],[http://www.facebook.com/,[http://1-292.channel.facebook.com/,2.27338020,http://cdn.rep.sc.sweetim.com/,5.246261999999999,http://f.funmoods.com/,4.915941799999999,http://photos-c.ak.fbcdn.net/,3.594660999999999,http://profile.ak.fbcdn.net/,25.39579419999999,http://sc.sweetim.com/,12.51330640,http://sphotos-a.ak.fbcdn.net/,2.27338020,http://static.ak.fbcdn.net/,14.72595605660123,http://www.facebook.com/,3.924981199999999,http://www.google-analytics.com/,2.27338020]],[http://www.google.com/,[http://www.google.pl/,1.703076792622632]],[http://www.google.pl/,[http://ssl.gstatic.com/,1.703076792622632,http://www.google.pl/,2.445443599663275]],[http://www.kwejk.pl/,[http://diff3.smartadserver.com/,2.253575376373076,http://kwejk.pl/,6.256194328438715,http://s0.2mdn.net/,2.253575376373076,http://s3.hit.stat24.com/,2.253575376373076,http://st.hit.gemius.pl/,1.967674022654108,http://static.ak.fbcdn.net/,3.111279437530,http://www.facebook.com/,3.968983498686923,http://www.google-analytics.com/,2.253575376373076,https://apis.google.com/,2.253575376373076,https://www.facebook.com/,2.253575376373076]],[http://www.photoblog.pl/,[http://ad.adview.pl/,2.27338020,http://ced.sascdn.com/,2.27338020,http://diff3.smartadserver.com/,5.246261999999999,http://gazeta.hit.gemius.pl/,3.924981199999999,http://s.photoblog.pl/,47.52724760000015,http://t1.fbl.pl/,5.906902399999998,http://t2.fbl.pl/,4.255301399999999,http://t3.fbl.pl/,5.576582199999999,http://t4.fbl.pl/,5.246261999999999,http://www.google-analytics.com/,2.27338020]],[http://www.wrzuta.pl/,[http://c.wrzuta.pl/,2.539476730092054,http://w159.wrzuta.pl/,2.539476730092054,http://wrzuta.pl/,1.967674022654108,http://www.wrzuta.pl/,2.539476730092054]],[http://www.youtube.com/,[http://clients1.google.com/,2.522904874305965,http://csi.gstatic.com/,1.196821431078727,http://i1.ytimg.com/,3.244592231947342,http://i2.ytimg.com/,2.921056068963723,http://i3.ytimg.com/,2.685821814241123,http://i4.ytimg.com/,4.271963395248871,http://o-o.preferred.netia-ktw1.v18.lscache7.c.youtube.com/,1.202786906163575,http://o-o.preferred.netia-ktw1.v23.lscache2.c.youtube.com/,0.9537096468036074,http://s.ytimg.com/,5.677991262642109,http://www.gstatic.com/,0.8327166319106066]],[http://www.zumi.pl/,[http://api.zumi.pl/,3.022701311943521,http://m.onet.pl/,9.411221382051201,http://mimg.onet.pl/,3.855986538479313,http://mimg4.onet.pl/,2.744939569764930,http://mimgl1.onet.pl/,4.133748280657905,http://mimgl2.onet.pl/,4.411510022836495,http://mimgl3.onet.pl/,3.855986538479313,http://mimgl4.onet.pl/,3.578224796300703,http://reklama.onet.pl/,112.4608277303107,http://www.zumi.pl/,143.2923811121351]],[http://youtube.pl/,[http://www.youtube.com/,1.959398534598273]],[http://zumi.pl/,[http://www.zumi.pl/,2.189416085407738]],[https://plusone.google.com/,[https://apis.google.com/,0.5202864653435648,https://plusone.google.com/,0.5164049792741832]],[https://www.facebook.com/,[https://fbcdn-profile-a.akamaihd.net/,4.384260795781341,https://igor.funmoods.com/,2.27338020,https://pixel.facebook.com/,0.6827246029026884,https://s-static.ak.facebook.com/,6.364275041490958,https://s-static.ak.fbcdn.net/,10.74732584059706,https://www.facebook.com/,3.074278271234022]]],startup_list:[1,http://addon.greetingmoods.com/,http://api.webrep.avast.com/,http://cdn.montiera.com/,http://facebook.pl/,http://localhost:18821/,http://localhost:27275/,http://localhost:7754/,http://reports.funmoods.com/,http://www.google-analytics.com/,https://ssl.google-analytics.com/]},download:{directory_upgrade:true,extensions_to_open:},extensions:{alerts:{initialized:true},autoupdate:{last_check:12974683790981000,next_check:12992131877720800},blacklistupdate:{lastpingday:12974630398974000,version:0.0.0.90},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html],newtab:[chrome-extension://cfkcfimnblbphkacidmbkngedlaioigl/config/skin/new-tab.html]},settings:{aemcjbfajnnmhblifaejadoecfoaebld:{blacklist:true},agmhonoepgcnakccfpidhjehlocaeaaj:{blacklist:true},ahfgeienlihckogmohjhadlkjgocpleb:{active_permissions:{api:[appNotifications,management,webstorePrivate]},app_launcher_index:-2,app_launcher_ordinal:h,page_index:0,page_ordinal:n},ahjfgnikolodijnpakeknpilnemojlhc:{blacklist:true},alcbnnpmipohgdllkkglhkbncijplago:{blacklist:true},apdmgffkfhjfeejmbjidennfjdkmmmbl:{blacklist:true},bbjciahceamgodcoidkjpchnokgfpphh:{active_permissions:{api:[cookies,tabs],explicit_host:[http://*.facebook.com/*,http://*/*,https://*.facebook.com/*]},events:[runtime.onInstalled],from_bookmark:false,from_webstore:false,install_time:12991858413906600,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,http://*/*,http://*.facebook.com/,https://*.facebook.com/,http://addon.greetingmoods.com],update_url:http://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1},blpcfgokakmgnkcojhhkbfbldkacnbeo:{active_bit:false,active_permissions:{api:[appNotifications]},app_launcher_ordinal:n,from_bookmark:true,from_webstore:false,install_time:12974664172177000,last_active_pingday:12974630398378000,lastpingday:12974630398120000,location:2,manifest:{app:{launch:{container:tab,web_url:http://www.youtube.com/},web_content:{enabled:true,origin:http://www.youtube.com}},current_locale:pl,default_locale:en,description:Najpopularniejsza spoĹ‚eczność odbiorcĂłw filmĂłw online na Ĺ›wiecie.,icons:{128:128.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB,name:YouTube,permissions:[appNotifications],update_url:http://clients2.google.com/service/update2/crx,version:4.2.5},page_ordinal:n,path:blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0,state:1},cbbjhegipokkofhhicbckicchjpcpeni:{blacklist:true},cfkcfimnblbphkacidmbkngedlaioigl:{allowFileAccess:true,incognito:true,location:4,path:d:\\Program Files\\Searchqu Toolbar\\Datamngr\\ChromeExtension,state:1},cihlkpohodpdkdnfalhdkhhlhmhffmbe:{blacklist:true},cjpglkicenollcignonpgiafdgfeehoj:{active_permissions:{api:[bookmarks,management,tabs],explicit_host:[http://*/*,https://*/*],scriptable_host:[http://*/*,https://*/*]},events:[runtime.onInstalled],from_bookmark:false,from_webstore:false,install_time:12991858416967600,location:3,manifest:{background_page:background.html,baseUrl:http://start.funmoods.com/results.php?,chrome_url_overrides:{newtab:speeddial.html},content_scripts:[{js:[content_script.js],matches:[http://*/*,https://*/*],run_at:document_idle}],description:SpeedDial for Chrome - replace Chrome new tab with your predefined visual bookmarks.,icons:{128:icons/128.png,32:icons/32.png,48:icons/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRqN9D2z7WOarG6HPbopiFxzXhGGBycI3jvJwPztlgJ6/vTsLX2SLP1xj54If/v/5F6Nz1WHHhOgTgaQ0xCch4ELAluUDnjx/gjtMi1nlw38O+TWcinxlXVVE4zRtd+p6iMxrrhno7LRykN4iyjqhK2RqYrTHbb1LDj4f4vcY/6wIDAQAB,name:SpeedDial,options_page:speeddial.html#options,page_action:{icon:icons/16.png,popup:popup.html},permissions:[bookmarks,tabs,http://*/*,https://*/*,management],update_url:http://update.funmoods.com/speeddial/update.xml?bu=st,version:4.0},path:cjpglkicenollcignonpgiafdgfeehoj\\4.0_0,state:1},coajchbkdbfhmhbgcjepiofllfjjcpfp:{blacklist:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,app_launcher_ordinal:w,events:[runtime.onInstalled],from_bookmark:true,from_webstore:true,install_time:12989354945084700,lastpingday:12974630398120000,location:2,manifest:{app:{launch:{web_url:http://www.google.com/webhp?source=search_app},urls:[*://www.google.com/search,*://www.google.com/webhp,*://www.google.com/imgres]},current_locale:pl,default_locale:en,description:Najszybszy sposĂłb na przeglÄ…danie internetu.,icons:{128:128.png,16:16.png,32:32.png,48:48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB,name:Szukaj w Google,update_url:http://clients2.google.com/service/update2/crx,version:0.0.0.19},page_ordinal:n,path:coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0,state:1},danapgfidmepmcfbjjacceiaiiioieio:{blacklist:true},dbmdicehacbaohlockjgdglcobimmjkh:{blacklist:true},dgcfmgdfbfbgcpbendbhbkfjppboebed:{blacklist:true},dmkdhgkknhnfpdjeicefnpmhcpbimden:{blacklist:true},doneghboglgnflpdicnkaojmmljgejkj:{blacklist:true},dpgenihgggagjjggfocjceeobjkadcbc:{blacklist:true},ebdcdchjcndpjhehacedepnggfdbfkpn:{blacklist:true},efhjelcghjkfigiagdfbfilndaffpmdj:{blacklist:true},efnaljpgehfilpmkhobibbjceeeondmn:{blacklist:true},flmmgcfcpbfddenepkfmgfpbaceolcoe:{blacklist:true},fmonlemffgbabjifjfaoamdflijecdbk:{blacklist:true},fpbippbofbmgmbojjmgfcifpmdaelcmd:{blacklist:true},gjkbghdignnlcknknflbigpammebiolo:{blacklist:true},gkjeccpmibljcfpfapfljciimedljpnm:{blacklist:true},hcapokajkngndbglnfglpfdpoeidmpha:{blacklist:true},hcpndbchnlgojmnijaldkicigmihmdca:{blacklist:true},hgjgaeknhmidehalnmokomhpfhbfmpcm:{blacklist:true},hhfiljkpjapjjphcocclhhaldpfkkjbi:{blacklist:true},hhjmkijkgojfifipdgmiemghfikbohcm:{blacklist:true},hpibmhghjndideebpackbdlpncgkcppp:{blacklist:true},icmlaeflemplmjndnaapfdbbnpncnbda:{active_permissions:{api:[tabs,webNavigation],explicit_host:[http://*/*,https://*/*],scriptable_host:[http://*/*,https://*/*]},events:[runtime.onInstalled],from_bookmark:false,from_webstore:false,install_time:12991858419229600,location:3,manifest:{background_page:background.html,browser_action:{default_icon:skin/images/icons/grey0-16.png,default_title:avast! WebRep,popup:popup.html},content_scripts:[{css:[skin/css/anchor.css],matches:[http://*/*,https://*/*]}],current_locale:pl,default_locale:en,description:Web Reputation Plugin,icons:{128:skin/images/icons/green3-24.png,256:skin/images/icons/green3-24.png,48:skin/images/icons/green3-24.png,64:skin/images/icons/green3-24.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfBBgbBomL+8Ze0I3H5diuRW5XcxzEGzMgmCWRwf/XB4gdxIKK880IIDrKW13wW/RjlB5M6CipuiERx/91yBYP6Oz+56h22Chwgn0zIiGq35MJpP1cfYbnp4bzl1odIIX/d8j8LZ+Ur22y76sZP+WtoFphr+7axJRXC8IrXhAEcQIDAQAB,name:avast! WebRep,permissions:[http://*/*,https://*/*,tabs,webNavigation],version:7.0.1466},path:icmlaeflemplmjndnaapfdbbnpncnbda\\7.0.1466_0,state:1},ifbkndkaolfbjjhnnhfmkbkoclpdkpli:{blacklist:true},ijenlpgidnapbndonoinbkhekgjonojg:{blacklist:true},imfbomjbodpfgfhfahlgkkcllmhbelhk:{blacklist:true},iomejadoamfilglofmeaffghddcgapmf:{blacklist:true},jcdgjdiieiljkfkdcloehkohchhpekkn:{active_permissions:{scriptable_host:[http://*.facebook.com/*]},events:[runtime.onInstalled],from_bookmark:false,from_webstore:false,install_time:12991858413329600,location:3,manifest:{content_scripts:[{js:[fbsim.js],matches:[http://*.facebook.com/*],run_at:document_end}],description:SweetIm for Facebook,icons:{128:128.png,16:16.png,48:48.png},id:EEE777IIEILJKFKDCLOEHKOHCHHPEKKN,key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMCuT713WyOTS+OzGSF6+vUL9o7Q4pSCdroHFA3zqgTkJyBsREdX/8Rng3+QZfB4ol4P1NYPQ1G+EXuVzC8yhrGd1C7E43AAQb2/ex4ihV/9hpKQ+B6VxnbFh2mDJYaLw99Fyo1iGImyhNoffFw997IRvG6YlPQn5HcUu0KtkL5wIDAQAB,name:SweetIM for Facebook,version:1.0.0.0},path:jcdgjdiieiljkfkdcloehkohchhpekkn\\1.0.0.0_0,state:1},jjnkfllhcgkgnfbekpnmoikpfihpjfli:{blacklist:true},jpkdlckejfjidmplieobnhijmoiecbhl:{blacklist:true},kbipembkfhbdmkkkfbigmohilmknjnof:{blacklist:true},kcanfkmhccbaheheaackijegkclkaeic:{blacklist:true},kinhljbhjmcmoddhdoodekeklmjapjff:{blacklist:true},kleaapgdkahaekcocmkbgfainbhihccj:{blacklist:true},lbficnmfealeidppcbgdcbemgfjodbkg:{blacklist:true},lceaiepehinnomgijphkmjccbigkljkj:{blacklist:true},likifpgnijjfbdegfepoalpamlgnfofi:{blacklist:true},lncjcfkpannmofmpgdfoonkniofdnaba:{blacklist:true},mbmdaiddhfoljplpdhohimgieioblfif:{blacklist:true},mfffdpnblflpobcnekhekiahepofaane:{blacklist:true},mfhfkclojmdocagbmecgcnlofppebebd:{blacklist:true},mjgobkikdipfikmaoakdcdbicpioljgg:{blacklist:true},mkobblpffgbncfhijabakfafmkjdmmnm:{blacklist:true},mlmegahemifabfmdnndafagnncfbnahn:{blacklist:true},mlmmbepkgelpbenpobinockmiehdahai:{blacklist:true},mnichagcickblneeijmfnmoiakigmmhf:{blacklist:true},mogepbcllienegdibkfpmombhefhcoic:{blacklist:true},ndiogongcmocdgjciemhagfhpjamehpe:{blacklist:true},nidodbfomffkfabciljelkbdiabkeehe:{blacklist:true},nmphbnbmgfccfhcmibikmhcgajjpelpf:{blacklist:true},nnioepmjbjjlflmdgjanlcmbjahljeeo:{blacklist:true},onpnpccdagncipgnoofbhchlbajcjnkd:{blacklist:true},ookcgejbfhcmcanfkfmmmpahflnlajbl:{blacklist:true},pbglijbamgmlcpnnpbfjkbdeheejjloj:{blacklist:true},pbiamblgmkgbcgbcgejjgebalncpmhnp:{ack_external:true,active_permissions:{api:[plugin]},from_bookmark:false,from_webstore:false,install_time:12974663840478000,lastpingday:12974630398120000,location:3,manifest:{description:LiveVDO plugin,key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDm0kY97JOgCRYiLDEiVAxcNrf+sVjrGodAe1rdXTZbGzR6tX/+HFi93buzyKoI/gGlprJOTNeHgL/yBf6mqbxDYmgs08/PAXKOlywadsQ7dmk248m2UROSH6XZ8KuOWkWB++MnoeQPR/uYfcRPr0qB6D7a0nw/tmYj4xDYQh0GCwIDAQAB,name:LiveVDO plugin,plugins:[{path:chvsharetvplg.dll,public:true}],version:1.3},path:pbiamblgmkgbcgbcgejjgebalncpmhnp\\1.3_0,state:1},pfcelnbmkeoaeicedjomcjkcammlkdbk:{blacklist:true},pjdhkkcnlbfebiokpeghfffajaabahfo:{blacklist:true},pjkljhegncpnkpknbcohdijeoejaedia:{active_permissions:{api:[notifications]},app_launcher_ordinal:t,from_bookmark:true,from_webstore:false,install_time:12974664172747000,lastpingday:12974630398120000,location:2,manifest:{app:{launch:{container:tab,web_url:https://mail.google.com/mail/ca},urls:[*://mail.google.com/mail/ca]},current_locale:pl,default_locale:en,description:Szybka usĹ‚uga poczty e-mail z moĹĽliwoĹ›ciÄ… wyszukiwania i mniejszÄ… iloĹ›ciÄ… spamu.,icons:{128:128.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB,name:Gmail,options_page:https://mail.google.com/mail/ca/#settings,permissions:[notifications],update_url:http://clients2.google.com/service/update2/crx,version:7},page_ordinal:n,path:pjkljhegncpnkpknbcohdijeoejaedia\\7_0,state:1},pkbbbncikcipejaiiiioboongndhmjgl:{blacklist:true},pkbkkendemaimikinaefldfljliecapm:{blacklist:true},pnpgiaejfbdapllkchhgchjpdbcpiooa:{blacklist:true}},toolbar:[bbjciahceamgodcoidkjpchnokgfpphh,icmlaeflemplmjndnaapfdbbnpncnbda],toolbarsize:-1},google:{services:{username:}},homepage:https://isearch.avg.com/?cid={0132A0C5-0918-43B1-9EE6-1E5830ED8117}&mid=c5e61a05a98c44b6a6521d07de697361-3a20f7e26cdb86274eb21d36bdf1990853d85b4b&lang=pl&ds=ax011&pr=&d=2012-09-22 23:09:36&v=12.2.5.34&sap=hp,homepage_is_newtabpage:false,http_throttling:{enabled:true},instant:{enabled_time:12974663839458000},net:{http_server_properties:{apis.google.com:443:{settings:[{id:5,value:27},{id:6,value:0}],supports_spdy:true},clients1.google.com:443:{settings:[{id:4,value:100}],supports_spdy:true},clients2.google.com:443:{settings:[{id:5,value:32},{id:6,value:0}],supports_spdy:true},googleads.g.doubleclick.net:443:{settings:[{id:5,value:32},{id:6,value:0}],supports_spdy:true},i1.ytimg.com:443:{settings:[{id:5,value:32},{id:6,value:0}],supports_spdy:true},plusone.google.com:443:{settings:[{id:5,value:7},{id:6,value:0}],supports_spdy:true},ssl.google-analytics.com:443:{settings:[{id:4,value:100},{id:5,value:10}],supports_spdy:true},ssl.gstatic.com:443:{settings:[{id:5,value:32},{id:6,value:0}],supports_spdy:true},toolbarqueries.google.com:443:{settings:[{id:5,value:32},{id:6,value:0}],supports_spdy:true}}},ntp:{app_page_names:[Aplikacje],pref_version:3,promo_closed:false,promo_end:1299830340.0,promo_feature_mask:0,promo_group:43,promo_group_max:0,promo_group_timeslice:0,promo_is_logged_in_to_plus:false,promo_line:Korzystasz z Google Chrome na kilku komputerach? PrzenieĹ› swoje zakĹ‚adki.,promo_resource_cache_update:1347657763.5478,promo_start:1299830280.0,promo_views:0,promo_views_max:0,shown_sections:64,sign_in_promo:{group:16,group_max:100}},plugins:{enabled_internal_pdf3:true,enabled_nacl:true,last_internal_directory:d:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89,plugins_list:[{enabled:false,name:Shockwave Flash,path:C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\11.1.31.203\\pepflashplayer.dll,version:11.1.31.203},{enabled:true,name:Shockwave Flash,path:d:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\gcswf32.dll,version:11,1,102,62},{enabled:true,name:Shockwave Flash,path:C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll,version:11,1,102,55},{enabled:true,name:Flash},{enabled:true,name:Remoting Viewer,path:internal-remoting-viewer,version:},{enabled:true,name:Remoting Viewer},{enabled:true,name:Native Client,path:d:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\ppGoogleNaClPluginChrome.dll,version:},{enabled:true,name:Native Client},{enabled:true,name:Chrome PDF Viewer,path:d:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\pdf.dll,version:},{enabled:true,name:Chrome PDF Viewer},{enabled:true,name:LiveVDO plug-in,path:C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pbiamblgmkgbcgbcgejjgebalncpmhnp\\1.3_0\\chvsharetvplg.dll,version:1.3.0.1},{enabled:true,name:LiveVDO plug-in,path:D:\\Program Files\\Mozilla Firefox\\plugins\\npvsharetvplg.dll,version:1.3.0.1},{enabled:true,name:LiveVDO plug-in},{enabled:true,name:Adobe Acrobat,path:D:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll,version:9.5.0.270},{enabled:false,name:Adobe Acrobat},{enabled:true,name:QuickTime Plug-in 7.6,path:D:\\Program Files\\Google\\Chrome\\Application\\plugins\\npqtplugin.dll,version:7.6 (1292)},{enabled:true,name:QuickTime Plug-in 7.6,path:D:\\Program Files\\Google\\Chrome\\Application\\plugins\\npqtplugin2.dll,version:7.6 (1292)},{enabled:true,name:QuickTime Plug-in 7.6,path:D:\\Program Files\\Google\\Chrome\\Application\\plugins\\npqtplugin3.dll,version:7.6 (1292)},{enabled:true,name:QuickTime Plug-in 7.6,path:D:\\Program Files\\Google\\Chrome\\Application\\plugins\\npqtplugin4.dll,version:7.6 (1292)},{enabled:true,name:QuickTime Plug-in 7.6,path:D:\\Program Files\\Google\\Chrome\\Application\\plugins\\npqtplugin5.dll,version:7.6 (1292)},{enabled:true,name:QuickTime},{enabled:true,name:Java Deployment Toolkit 6.0.220.4,path:D:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll,version:6.0.220.4},{enabled:true,name:Java(TM) Platform SE 6 U22,path:D:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll,version:6.0.220.4},{enabled:true,name:Java},{enabled:true,name:Microsoft® Windows Media Player Firefox Plugin,path:D:\\Program Files\\Mozilla Firefox\\plugins\\np-mswmp.dll,version:1.0.0.8},{enabled:true,name:Windows Media Player},{enabled:true,name:Winamp Application Detector,path:D:\\Program Files\\Mozilla Firefox\\plugins\\npwachk.dll,version:5,6,2,3173},{enabled:true,name:Winamp Application Detector},{enabled:true,name:Google Update,path:d:\\Program Files\\Google\\Update\\1.3.21.99\\npGoogleUpdate3.dll,version:1.3.21.99},{enabled:true,name:Google Update},{enabled:true,name:Silverlight Plug-In,path:d:\\Program Files\\Microsoft Silverlight\\4.1.10111.0\\npctrl.dll,version:4.1.10111.0},{enabled:true,name:Silverlight},{enabled:true,name:NVIDIA 3D Vision,path:d:\\Program Files\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll,version:7.17.12.8562},{enabled:true,name:NVIDIA 3D VISION,path:d:\\Program Files\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll,version:7.17.12.8562},{enabled:true,name:NVIDIA 3D},{enabled:true,name:Pando Web Plugin,path:d:\\Program Files\\Pando Networks\\Media Booster\\npPandoWebPlugin.dll,version:2.3.3.8},{enabled:true,name:Pando Web Plugin},{enabled:true,name:Default Plug-in,path:default_plugin,version:1},{enabled:true,name:Default Plug-in}]},profile:{avatar_index:0,content_settings:{clear_on_exit_migrated:true,pattern_pairs:{*,*:{per_plugin:{npsitesafety.dll:1}}},plugin_whitelist:{npsitesafety:{dll:true}},pref_version:1},exited_cleanly:true,name:Pierwszy uĹĽytkownik,per_host_zoom_levels:{startpins.com:-2.229388713836670}},session:{restore_on_startup:4,restore_on_startup_migrated:true,urls_to_restore_on_startup:[https://isearch.avg.com/?cid={0132A0C5-0918-43B1-9EE6-1E5830ED8117}&mid=c5e61a05a98c44b6a6521d07de697361-3a20f7e26cdb86274eb21d36bdf1990853d85b4b&lang=pl&ds=ax011&pr=&d=2012-09-22 23:09:36&v=12.2.5.34&sap=hp]},tabs:{use_vertical_tabs:false},homepage: http://www.gazeta.pl/0,0.html?p=137 CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\ CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - d:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - d:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - d:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - d:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - d:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - d:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - d:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - d:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - d:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - d:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - d:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - d:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O4 - HKLM..\Run: [DATAMNGR] d:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ROC_ROC_NT] d:\Program Files\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [Sweetpacks Communicator] D:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] d:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [ALLUpdate] d:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [GG] C:\Users\user\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKCU..\Run: [RGSC] D:\Program Files\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKCU..\Run: [Software Informer] d:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Key error. File not found O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53591408-0862-444F-836F-343E528CD9BE}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (d:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (d:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LogonInit: DllName - (logonInit.dll) - C:\Program Files\Common Files\logonInit.dll () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{961d03b1-e9e1-11e0-af47-00248c626d04}\Shell - "" = AutoRun O33 - MountPoints2\{961d03b1-e9e1-11e0-af47-00248c626d04}\Shell\AutoRun\command - "" = J:\start.exe O33 - MountPoints2\{9bdb78c9-2ee7-11e1-b89c-00248c626d04}\Shell - "" = AutoRun O33 - MountPoints2\{9bdb78c9-2ee7-11e1-b89c-00248c626d04}\Shell\AutoRun\command - "" = K:\iStudio.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found [color=#E56717]========== Files/Folders - Created Within (All) ==========[/color] [2012-12-26 11:27:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(2).exe [2012-12-25 15:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast [2012-12-25 15:57:50 | 000,000,000 | ---D | C] -- d:\Program Files\Tibiacast [2012-12-24 15:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia [2012-12-22 22:45:06 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\HP Photosmart Projects [2012-12-22 00:03:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-22 00:03:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012-12-20 08:12:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs [2012-12-16 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GrabIt [2012-12-14 17:15:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Euro Truck Simulator 2 [2012-12-13 20:27:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\HP [2012-12-13 06:47:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012-12-13 06:47:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll [2012-12-13 06:47:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012-12-13 06:47:47 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll [2012-12-13 06:47:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012-12-13 06:47:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012-12-13 06:47:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 06:47:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 06:47:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 06:47:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012-12-13 06:47:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 06:47:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 06:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 06:47:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 06:47:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 06:47:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012-12-13 06:47:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 06:47:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 06:47:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 06:47:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 06:47:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012-12-13 06:47:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 06:47:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012-12-13 06:47:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012-12-13 06:47:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012-12-05 18:58:56 | 000,000,000 | ---D | C] -- d:\Program Files\Mozilla Firefox [color=#E56717]========== Files - Modified Within (All) ==========[/color] [2012-12-26 16:55:22 | 002,359,296 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2012-12-26 16:42:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-26 16:14:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-12-26 15:34:28 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-26 15:33:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-12-26 15:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-26 15:33:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2012-12-26 15:21:27 | 003,143,996 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2012-12-26 11:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(2).exe [2012-12-24 15:14:54 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2012-12-22 15:20:31 | 000,296,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-12-20 11:00:00 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-20 11:00:00 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-18 06:22:19 | 001,662,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-12-18 06:22:19 | 000,737,714 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-12-18 06:22:19 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-12-18 06:22:19 | 000,154,402 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-12-18 06:22:19 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-12-16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012-12-16 13:37:09 | 000,001,100 | ---- | M] () -- C:\Users\user\Desktop\GG.lnk [2012-12-13 23:00:15 | 065,087,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe [2012-12-11 22:14:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-12-11 22:14:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-12-07 22:21:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012-12-07 22:20:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-28 14:05:08 | 000,000,995 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-11-22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-16 13:37:09 | 000,001,100 | ---- | C] () -- C:\Users\user\Desktop\GG.lnk [2012-12-16 13:37:08 | 000,001,108 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk [2012-12-07 22:21:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012-12-07 22:20:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-28 14:05:08 | 000,000,995 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-11-16 21:04:18 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012-11-16 21:03:41 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\Centrum obsługi HP.lnk [2012-11-16 21:03:31 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Zakup materiałów eksploatacyjnych HP.lnk [2012-11-16 21:03:13 | 000,001,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-11-16 21:00:50 | 000,177,236 | ---- | C] () -- C:\Windows\hpoins14.dat [2012-11-16 21:00:50 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat [2012-10-28 09:55:26 | 000,000,020 | -H-- | C] () -- C:\Users\user\Documents\.picasa.ini [2012-10-19 18:46:34 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\logonInit.dll [2012-10-10 21:14:28 | 000,012,865 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2012-09-05 19:08:46 | 002,697,327 | ---- | C] () -- C:\Users\user\Documents\2012-09-05 17.58.52.jpg [2012-09-05 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\2012-09-05 17.58.52.jpg [2012-08-27 10:26:55 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk [2012-08-27 10:24:03 | 000,384,844 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods-speeddial.crx [2012-08-27 10:24:02 | 000,031,465 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods.crx [2012-08-27 10:24:02 | 000,000,712 | ---- | C] () -- C:\Users\user\Desktop\Video Converter.lnk [2012-08-26 13:15:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\typingStopped.gif [2012-08-12 23:15:22 | 000,687,775 | ---- | C] () -- C:\Users\user\Documents\P1060345.JPG [2012-08-12 23:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P1060345.JPG [2012-08-12 23:09:22 | 000,562,131 | ---- | C] () -- C:\Users\user\Documents\P1030742.JPG [2012-08-12 23:09:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P1030742.JPG [2012-08-09 19:22:37 | 000,012,146 | ---- | C] () -- C:\Windows\System32\AVGIDSAgent [2012-07-17 15:36:15 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk [2012-07-11 16:50:29 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012-06-29 22:47:32 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012-06-28 22:22:45 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{58e4b0e6-c167-11e1-8b8b-00248c626d04}.TMContainer00000000000000000002.regtrans-ms [2012-06-28 22:22:45 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{58e4b0e6-c167-11e1-8b8b-00248c626d04}.TMContainer00000000000000000001.regtrans-ms [2012-06-28 22:22:45 | 000,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{58e4b0e6-c167-11e1-8b8b-00248c626d04}.TM.blf [2012-06-08 22:06:57 | 001,993,450 | ---- | C] () -- C:\Users\user\Documents\Obraz 005(1).jpg [2012-06-08 22:06:26 | 001,866,035 | ---- | C] () -- C:\Users\user\Documents\Obraz 006(2).jpg [2012-06-02 17:37:38 | 000,362,236 | ---- | C] () -- C:\Users\user\Documents\P1070633.JPG [2012-06-02 17:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P1070633.JPG [2012-05-25 22:32:13 | 001,460,948 | ---- | C] () -- C:\Users\user\Documents\Obraz 006(1).jpg [2012-05-25 22:31:17 | 001,842,768 | ---- | C] () -- C:\Users\user\Documents\Obraz 005.jpg [2012-05-25 22:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Obraz 005.jpg [2012-05-15 19:24:44 | 004,858,441 | ---- | C] () -- C:\Users\user\Documents\P1070586.JPG [2012-05-15 19:24:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P1070586.JPG [2012-05-13 09:49:35 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2012-05-06 12:50:15 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\2012-04-28 19.22.33.jpg [2012-05-06 12:50:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\2012-04-28 19.22.33.jpg [2012-04-26 16:13:01 | 001,391,094 | ---- | C] () -- C:\Users\user\Documents\vt.bmp [2012-04-26 16:12:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vt.bmp [2012-04-21 14:17:51 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-03-29 19:33:39 | 111,442,944 | ---- | C] () -- C:\Users\user\Documents\video-2012-03-29-18-10-31.mp4 [2012-03-29 19:33:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\video-2012-03-29-18-10-31.mp4 [2012-03-20 19:39:26 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\IMG_6519(1).JPG [2012-03-20 19:37:43 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\IMG_6519.JPG [2012-03-20 19:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IMG_6519.JPG [2012-03-02 17:40:27 | 000,003,348 | ---- | C] () -- C:\Users\user\.recently-used.xbel [2012-02-26 13:51:55 | 000,595,839 | ---- | C] () -- C:\Users\user\Documents\Obraz 006.jpg [2012-02-26 13:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Obraz 006.jpg [2012-02-25 21:46:53 | 003,522,560 | ---- | C] () -- C:\Users\user\Documents\03-Latwopalni.mp3 [2012-02-19 16:47:37 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012-02-10 22:21:42 | 001,375,302 | ---- | C] () -- C:\Users\user\Documents\P020610_17.34.jpg [2012-02-10 22:21:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P020610_17.34.jpg [2012-02-05 13:50:56 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\Obraz 012(2).jpg [2012-02-05 13:48:07 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\Obraz 012(1).jpg [2012-02-05 13:46:23 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\Obraz 012.jpg [2012-02-05 13:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Obraz 012.jpg [2012-02-02 20:40:28 | 001,913,569 | ---- | C] () -- C:\Users\user\Documents\IMG_4515.JPG [2012-02-02 20:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IMG_4515.JPG [2012-02-02 17:28:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Natala.scr [2012-01-29 16:39:08 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk [2012-01-29 16:38:51 | 000,000,952 | ---- | C] () -- C:\Users\user\Desktop\Hard Truck Tycoon.lnk [2012-01-25 21:16:50 | 004,654,172 | ---- | C] () -- C:\Users\user\Documents\x3 097.jpg [2012-01-25 21:16:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\x3 097.jpg [2012-01-22 12:00:56 | 000,188,205 | ---- | C] () -- C:\Users\user\Documents\lol 3000 kbs xD.JPG [2012-01-22 12:00:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\lol 3000 kbs xD.JPG [2012-01-16 21:07:33 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2012-01-08 10:03:11 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-01-07 21:36:31 | 000,051,851 | ---- | C] () -- C:\Users\user\Documents\299893_164896993602732_100002472989138_299061_2053587747_n.jpg [2012-01-07 21:33:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\299893_164896993602732_100002472989138_299061_2053587747_n.jpg [2012-01-01 14:03:10 | 000,000,556 | ---- | C] () -- C:\Users\user\Desktop\DiRT 3.lnk [2011-12-29 14:46:03 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011-12-28 20:12:11 | 000,000,782 | ---- | C] () -- C:\Users\user\Desktop\flt-wrc2 — skrót.lnk [2011-12-28 11:26:58 | 000,001,574 | ---- | C] () -- C:\Users\user\Desktop\MotoGP 08.lnk [2011-12-28 10:25:13 | 000,001,785 | ---- | C] () -- C:\Users\user\Desktop\Grand Theft Auto IV.lnk [2011-12-28 08:41:29 | 000,001,931 | ---- | C] () -- C:\Users\user\Desktop\Agrar Simulator 2011.lnk [2011-12-27 19:59:50 | 000,000,981 | ---- | C] () -- C:\Users\user\Desktop\Battlefield.lnk [2011-12-27 16:49:27 | 000,000,951 | ---- | C] () -- C:\Users\user\Desktop\Need for Speed The Run.lnk [2011-12-27 06:39:22 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\FIM Speedway Grand Prix 4.lnk [2011-12-27 06:30:13 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trucks & Trailers.lnk [2011-12-26 19:21:30 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011-12-26 19:17:05 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2011-12-22 22:29:25 | 000,570,566 | ---- | C] () -- C:\Users\user\Documents\damian jak byl maly.bmp [2011-12-22 22:20:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\damian jak byl maly.bmp [2011-12-21 21:34:39 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Race Injection.lnk [2011-12-21 21:19:35 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011-12-18 11:54:30 | 000,000,787 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2011-12-18 11:54:30 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-12-17 17:55:32 | 000,000,985 | ---- | C] () -- C:\Users\user\Desktop\John Deere American Farmer Deluxe.lnk [2011-12-17 17:49:04 | 000,428,088 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2011-11-23 21:52:03 | 000,001,720 | ---- | C] () -- C:\Users\user\Desktop\IrfanView Thumbnails.lnk [2011-11-23 21:52:03 | 000,000,840 | ---- | C] () -- C:\Users\user\Desktop\IrfanView.lnk [2011-11-19 21:45:41 | 000,035,901 | ---- | C] () -- C:\Users\user\Documents\yala mino.xml [2011-11-19 21:45:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\yala mino.xml [2011-11-14 21:26:04 | 000,031,913 | ---- | C] () -- C:\Users\user\Documents\KOX.wma [2011-11-14 21:25:39 | 000,049,873 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (8).wma [2011-11-12 15:11:08 | 000,027,423 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (7).wma [2011-11-06 12:02:51 | 000,876,033 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (5).wma [2011-11-06 12:02:36 | 000,004,973 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (6).wma [2011-10-25 17:00:10 | 000,099,263 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (4).wma [2011-10-23 19:50:47 | 000,211,247 | ---- | C] () -- C:\Users\user\Documents\ocey.jpg [2011-10-23 19:50:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ocey.jpg [2011-10-22 20:59:07 | 000,357,812 | ---- | C] () -- C:\Users\user\Documents\P221011_12.39(1).jpg [2011-10-22 20:58:37 | 000,026,036 | ---- | C] () -- C:\Users\user\Documents\P221011_12.39.jpg [2011-10-22 20:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\P221011_12.39.jpg [2011-10-18 21:37:39 | 003,428,545 | ---- | C] () -- C:\Users\user\Documents\IMG_3322(1).JPG [2011-10-18 19:50:08 | 000,000,000 | ---- | C] () -- C:\Users\user\Documents\IMG_3322.JPG [2011-10-18 19:50:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IMG_3322.JPG [2011-10-03 16:35:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xd.bmp [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-09-25 11:56:19 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2011-09-25 09:38:06 | 000,000,977 | ---- | C] () -- C:\Users\user\Desktop\Symulator Farmy 2011 .lnk [2011-09-24 14:35:39 | 000,054,363 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (3).wma [2011-09-23 14:25:42 | 000,045,383 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy (2).wma [2011-09-23 14:11:36 | 000,036,403 | ---- | C] () -- C:\Users\user\Documents\Bez_nazwy.wma [2011-09-01 19:50:02 | 000,000,971 | ---- | C] () -- C:\Users\user\Desktop\Testy B.lnk [2011-08-31 19:38:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SP_A0254.jpg [2011-08-29 17:43:45 | 000,092,577 | ---- | C] () -- C:\Users\user\Documents\sirmate.lua [2011-08-29 17:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sirmate.lua [2011-08-29 17:43:23 | 000,110,428 | ---- | C] () -- C:\Users\user\Documents\Mutated Rat Tasker..xml [2011-08-29 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Mutated Rat Tasker..xml [2011-08-29 08:52:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk [2011-08-28 11:27:28 | 000,001,879 | ---- | C] () -- C:\Users\user\Desktop\Counter Strike 1.6 No Steam.lnk [2011-08-28 11:27:28 | 000,001,871 | ---- | C] () -- C:\Users\user\Desktop\Dedicated Server.lnk [2011-08-26 17:14:07 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-08-26 17:14:06 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-08-26 17:14:03 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-08-26 17:14:03 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-08-26 17:10:58 | 000,000,847 | ---- | C] () -- C:\Users\user\Desktop\ALLPlayer V4.7.lnk [2011-08-26 17:10:52 | 000,797,184 | ---- | C] () -- C:\Windows\System32\ac3filter.ax [2011-08-26 17:10:52 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-08-26 16:08:31 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011-08-26 15:14:32 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed Hot Pursuit 2.lnk [2011-08-26 15:14:01 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat [2011-08-26 14:57:58 | 000,002,005 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011-08-26 14:57:48 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-08-26 14:57:48 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-08-26 14:51:45 | 000,001,712 | ---- | C] () -- C:\Users\user\Desktop\NeoBot.lnk [2011-08-26 11:54:39 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011-08-26 09:08:08 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2011-08-26 09:08:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011-08-26 06:33:59 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-08-25 01:18:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011-08-25 01:18:06 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011-08-25 01:18:03 | 000,419,880 | ---- | C] () -- C:\Windows\System32\locale.nls [2011-08-25 01:17:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011-08-25 01:17:20 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011-08-25 01:17:17 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml [2011-08-25 01:17:09 | 000,065,248 | ---- | C] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT [2011-08-25 01:17:07 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml [2011-08-25 01:09:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-08-25 01:02:24 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011-08-25 01:00:05 | 000,001,419 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011-08-24 05:02:44 | 000,737,714 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2011-08-24 05:02:44 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2011-08-24 05:02:44 | 000,154,402 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2011-08-24 05:02:44 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2011-08-24 04:59:18 | 003,143,996 | -H-- | C] () -- C:\Users\user\AppData\Local\IconCache.db [2011-08-24 04:37:13 | 001,662,556 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2011-08-24 04:32:43 | 002,359,296 | -HS- | C] () -- C:\Users\user\NTUSER.DAT [2011-08-24 04:32:43 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011-08-24 04:32:43 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011-08-24 04:32:43 | 000,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011-08-24 04:32:43 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011-08-24 04:32:43 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011-08-24 04:32:43 | 000,000,020 | -HS- | C] () -- C:\Users\user\ntuser.ini [2011-08-24 04:23:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [color=#E56717]========== ZeroAccess Check ==========[/color] [2010-04-22 11:50:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2515421704-2397115748-4210446274-1000\$R38JJCA.54\playerinfo\@ [2010-04-22 11:50:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2515421704-2397115748-4210446274-1000\$R38JJCA.54\playerinfo\L [2010-04-22 11:50:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2515421704-2397115748-4210446274-1000\$R38JJCA.54\playerinfo\N [2010-04-22 11:50:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2515421704-2397115748-4210446274-1000\$R38JJCA.54\playerinfo\U [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >[/color] < End of report >