OTL logfile created on: 2013-04-25 21:35:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\MAGDA\Pulpit\Nowy folder Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 510,36 Mb Total Physical Memory | 268,64 Mb Available Physical Memory | 52,64% Memory free 1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,76% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 80,00 Gb Total Space | 31,78 Gb Free Space | 39,73% Space Free | Partition Type: NTFS Drive D: | 73,38 Gb Total Space | 57,04 Gb Free Space | 77,74% Space Free | Partition Type: NTFS Computer Name: DOM-6DDC039CACC | User Name: MAGDA | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-25 20:44:00 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MAGDA\Pulpit\Nowy folder\OTH.exe PRC - [2013-04-25 20:43:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MAGDA\Pulpit\Nowy folder\OTL.exe PRC - [2013-03-19 08:12:42 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013-03-06 15:13:53 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013-02-25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013-02-25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-01-25 09:25:48 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-04-25 21:32:06 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013-04-25 13:40:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-04-17 15:13:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-02-25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013-02-25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012-12-19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2009-10-08 02:11:00 | 003,323,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2009-07-13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Stopped] -- C:\WINDOWS\UnsignedThemesSvc.exe -- (UnsignedThemes) SRV - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-03-06 15:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013-02-27 12:22:41 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013-02-27 12:22:41 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012-11-09 16:33:32 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2012-11-09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012-11-09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2012-11-09 16:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012-11-09 16:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012-10-17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-08-27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012-06-19 17:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-07-13 02:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uxpatch.sys -- (uxpatch) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008-10-16 11:44:02 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-10-16 11:44:02 | 000,099,840 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2006-03-23 01:27:10 | 000,488,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005-11-03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2005-08-10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=127 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wp.pl IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes\{8C66E190-0F83-4DAF-976A-3C2406AA66B9}: "URL" = http://wikipedia.wp.pl/search.html?query={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes\{ED63B71B-0F3B-4C40-88C9-BA78DBCCBA10}: "URL" = http://tanio.pl/szukaj.html?nazwa={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes\{FC1CBEF7-A55F-4E3C-B35C-19B53DD74333}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\SearchScopes\{FEC070E6-EB37-4C82-9050-3C3EC333D83C}: "URL" = http://szukaj.wp.pl/szukaj.html?szukaj={searchTerms}&Submit=Szukaj&z=p&gl_thumb=T IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1390067357-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wp.pl IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://wp.pl IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes,DefaultScope = {97F4010D-C889-487A-8FE9-D36CC786B2E4} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{3310B81A-9BC3-4392-8246-34882D89CB52}: "URL" = http://tanio.pl/szukaj.html?nazwa={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{43F9C416-89DD-442B-9FB4-D6DFD221336E}: "URL" = http://szukaj.wp.pl/szukaj.html?szukaj={searchTerms}&Submit=Szukaj&z=p&gl_thumb=T IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=IHA3MR220CocRUH-OPTWdvxgr3A?q={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{76105664-2765-45A5-A12A-546E721C3F05}: "URL" = http://wikipedia.wp.pl/search.html?query={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\SearchScopes\{97F4010D-C889-487A-8FE9-D36CC786B2E4}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=902615&ilc=12&p={searchTerms} IE - HKU\S-1-5-21-329068152-1390067357-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1390067357-682003330-1006\..\SearchScopes,DefaultScope = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-04 23:05:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-17 15:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-17 15:11:53 | 000,000,000 | ---D | M] [2010-03-27 15:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MAGDA\Dane aplikacji\Mozilla\Extensions [2010-03-27 15:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MAGDA\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com [2013-04-17 15:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-04-17 15:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-04-17 15:13:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013-02-16 06:27:09 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2013-02-16 06:27:09 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2013-02-16 06:27:09 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-02-16 06:27:09 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2013-02-16 06:27:09 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-02-16 06:27:09 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://google.pl/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - Extension: Ultimate Flash Sonic = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\ CHR - Extension: What's the font? = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ipooogmmnpmfmhbhlahhjkjiiamjllal\0.1.4_0\ CHR - Extension: Into The Mist = C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\ O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist) O3 - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O3 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O3 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe () O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe () O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: ) O4 - HKU\S-1-5-21-329068152-1390067357-682003330-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\RODZICE\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1390067357-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1390067357-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konwertuj do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konwertuj obiekt docelowy łącza na plik Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O15 - HKU\S-1-5-21-329068152-1390067357-682003330-1003\..Trusted Domains: margonem.pl ([]http in Zaufane witryny) O15 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-329068152-1390067357-682003330-1004\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79E9ABF9-FE5E-4444-886A-5A3A9FA7657C}: DhcpNameServer = 192.168.25.1 O18 - Protocol\Handler\http - No CLSID value found O18 - Protocol\Handler\https - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O24 - Desktop WallPaper: D:\Grafika\Prace\Przeróbki tapet\1#.png O24 - Desktop BackupWallPaper: C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-08 14:13:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7823e1f1-ff8e-11de-9def-0019db4c7965}\Shell - "" = AutoRun O33 - MountPoints2\{7823e1f1-ff8e-11de-9def-0019db4c7965}\Shell\AutoRun\command - "" = K:\AutoRunCardDetector.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-25 21:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013-04-25 21:33:34 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013-04-25 21:33:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013-04-25 21:33:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013-04-25 21:33:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013-04-25 20:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Pulpit\Nowy folder [2013-04-25 08:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight [2013-04-21 19:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2013-04-21 18:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2013-04-21 18:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Avira [2013-04-21 18:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Avira [2013-04-21 18:26:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013-04-21 18:25:47 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013-04-21 18:25:47 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013-04-21 18:25:47 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013-04-21 18:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013-04-21 18:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2013-04-21 17:08:37 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\flashax.exe [2013-04-20 19:40:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MAGDA\Moje dokumenty\Moja muzyka [2013-04-20 18:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Moje dokumenty\Token Light [2013-04-20 18:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Moje dokumenty\Token Dark [2013-04-20 17:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner [2013-04-17 15:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013-04-14 10:22:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MAGDA\Recent [2013-04-10 19:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Moje dokumenty\SimCity 4 [2013-04-10 19:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Maxis [2013-04-10 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis [2013-04-06 14:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Dane aplikacji\IrfanView [2013-04-06 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAGDA\Menu Start\Programy\IrfanView [2013-04-06 13:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2013-04-06 12:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Topaz Labs [2013-04-06 12:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Topaz Labs [2013-04-01 19:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012-01-30 21:07:20 | 001,100,288 | ---- | C] (Alexander Roshal) -- C:\Program Files\WinRAR.exe [2012-01-30 21:07:20 | 000,401,408 | ---- | C] (Alexander Roshal) -- C:\Program Files\Rar.exe [2012-01-30 21:07:20 | 000,264,192 | ---- | C] (Alexander Roshal) -- C:\Program Files\UnRAR.exe [2012-01-30 21:07:20 | 000,164,864 | ---- | C] (Alexander Roshal) -- C:\Program Files\RarExt64.dll [2012-01-30 21:07:20 | 000,140,288 | ---- | C] (Alexander Roshal) -- C:\Program Files\RarExt.dll [2011-03-08 12:27:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MAGDA\Dane aplikacji\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-25 21:39:16 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-04-25 21:32:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013-04-25 21:31:57 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013-04-25 21:31:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013-04-25 21:31:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013-04-25 21:31:57 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013-04-25 21:31:56 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2013-04-25 21:31:55 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013-04-25 14:32:27 | 000,182,146 | ---- | M] () -- C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\recently-used.xbel [2013-04-25 13:40:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-04-25 13:40:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-04-25 08:38:48 | 000,000,053 | ---- | M] () -- C:\biosinfo [2013-04-25 08:35:04 | 003,567,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-04-25 08:32:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-04-23 16:29:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-04-21 17:08:38 | 000,535,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\flashax.exe [2013-04-21 17:08:36 | 000,012,288 | ---- | M] () -- C:\WINDOWS\impborl.dll [2013-04-20 16:54:05 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\default.rss [2013-04-20 16:53:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013-04-17 16:28:31 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-04-03 17:35:00 | 000,565,728 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013-04-03 17:35:00 | 000,502,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-04-03 17:35:00 | 000,110,690 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013-04-03 17:35:00 | 000,088,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-03-30 14:58:00 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\ParisChase.MCS [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-25 14:32:27 | 000,182,146 | ---- | C] () -- C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\recently-used.xbel [2013-04-25 09:19:22 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-04-21 17:08:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2013-04-21 17:08:12 | 005,000,413 | ---- | C] () -- C:\Documents and Settings\MAGDA\Moje dokumenty\SCCT_screensaver.exe [2013-04-14 12:13:52 | 003,567,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-04-01 19:11:58 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\GIMP 2.lnk [2013-03-19 11:58:28 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013-03-16 18:05:07 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013-02-13 16:43:35 | 062,022,771 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\MegaPack 1.2.5.zip [2013-02-09 14:28:09 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\1602Unst.exe [2013-02-03 16:37:58 | 000,119,900 | ---- | C] () -- C:\WINDOWS\hpoins11.dat [2013-02-02 15:33:09 | 000,122,884 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2013-02-02 15:17:34 | 000,000,808 | ---- | C] () -- C:\WINDOWS\eReg.dat [2013-01-30 19:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2012-11-24 23:06:50 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2012-11-24 22:51:06 | 000,001,249 | ---- | C] () -- C:\WINDOWS\unins000.dat [2012-08-16 12:11:29 | 000,482,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-06-07 13:29:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012-05-25 13:25:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2012-05-20 13:05:56 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\MAGDA\.gtk-bookmarks [2012-03-28 15:33:23 | 000,364,331 | ---- | C] () -- C:\Documents and Settings\MAGDA\.fonts.cache-1 [2012-03-22 17:40:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-02-10 16:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\downloads.m3u [2012-02-02 18:47:26 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\default.rss [2012-01-30 21:07:46 | 000,000,022 | ---- | C] () -- C:\Program Files\zipnew.dat [2012-01-30 21:07:46 | 000,000,020 | ---- | C] () -- C:\Program Files\rarnew.dat [2012-01-30 21:07:21 | 000,098,816 | ---- | C] () -- C:\Program Files\Default.SFX [2012-01-30 21:07:21 | 000,078,848 | ---- | C] () -- C:\Program Files\Zip.SFX [2012-01-30 21:07:21 | 000,073,216 | ---- | C] () -- C:\Program Files\WinCon.SFX [2012-01-30 21:07:21 | 000,003,192 | ---- | C] () -- C:\Program Files\Order.htm [2012-01-30 21:07:21 | 000,001,375 | ---- | C] () -- C:\Program Files\RarFiles.lst [2012-01-30 21:07:21 | 000,000,664 | ---- | C] () -- C:\Program Files\Uninstall.lst [2012-01-30 21:07:20 | 000,304,191 | ---- | C] () -- C:\Program Files\WinRAR.chm [2012-01-30 21:07:20 | 000,000,604 | ---- | C] () -- C:\Program Files\File_Id.diz [2011-12-30 22:14:24 | 000,202,778 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-329068152-1390067357-682003330-1003-0.dat [2011-12-30 22:14:09 | 000,202,778 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011-11-29 22:10:22 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\MAGDA\.gtkrc-2.0 [2011-08-09 10:57:19 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\MAGDA\AutoClick.ini [2011-07-18 15:23:50 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2011-07-18 15:23:50 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\6450BBE5AD.sys [2011-07-10 11:35:10 | 000,000,070 | -H-- | C] () -- C:\WINDOWS\popcreg.dat [2011-07-08 14:15:49 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-07-08 14:15:49 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-07-08 14:15:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-07-08 14:14:52 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011-03-29 13:10:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\inst.exe [2011-03-08 12:27:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\ezpinst.exe [2011-03-08 12:27:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\pcouffin.cat [2011-03-08 12:27:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\pcouffin.inf [2011-03-08 11:58:46 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\vso_ts_preview.xml [2011-02-19 20:32:27 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\ParisChase.MCS [2010-12-18 23:15:08 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Setting.dat [2010-12-18 23:15:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\MAGDA\Dane aplikacji\UserFlag.ini [2010-08-05 20:16:47 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache [2010-03-13 09:14:00 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\MAGDA\.kvirc_force_locale [2010-01-14 15:23:11 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009-10-31 19:33:28 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\MAGDA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2010-01-06 19:49:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 19:20:47 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 19:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-09-24 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\100 [2010-02-22 14:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2013-04-21 18:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2012-01-30 20:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Buena Vista Games [2012-12-01 18:53:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2011-03-04 22:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro [2012-09-09 19:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy [2010-11-10 21:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy3 [2010-03-21 17:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Free Ride Games [2013-04-25 09:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-05-02 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IconTweaker [2010-01-23 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2010-01-23 17:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2011-12-17 13:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2013-03-15 21:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2010-12-05 16:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-08-31 12:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nexon [2013-02-24 21:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2012-05-25 13:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache [2013-04-13 15:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-12-17 13:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2012-12-02 16:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2012-09-24 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2012-06-25 16:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe [2010-06-21 13:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Synetic [2013-03-15 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith [2012-09-24 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-09-24 18:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2009-10-09 07:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TP-LINK [2012-12-01 18:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2013-03-10 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2011-09-29 14:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2012-12-01 19:01:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643} [2012-12-01 19:01:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013-04-21 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\.minecraft [2012-12-08 11:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Enterbrain [2011-04-19 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\FOG Downloader [2013-04-25 09:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Gadu-Gadu 10 [2011-06-22 21:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\GetRightToGo [2013-03-30 11:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\gtk-2.0 [2012-05-07 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\IObit [2013-04-09 16:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\IrfanView [2009-11-20 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\ITTerritory [2013-02-27 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\MargonemMapki [2010-08-28 19:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\maxup [2011-07-21 10:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Nowe Gadu-Gadu [2009-12-27 15:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\OpenFM [2012-02-11 11:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\OpenOffice.org [2011-12-30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\PC Suite [2011-03-17 19:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\POLENG [2013-03-01 12:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Rainmeter [2010-11-25 19:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\RDRM [2012-08-12 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\skyz [2013-01-03 20:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\SolidDocuments [2010-02-22 14:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\SprillBermudePol [2012-11-15 19:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Styler [2012-11-15 16:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\systweak [2011-03-17 19:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\T6 [2012-12-01 18:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\TuneUp Software [2010-01-09 13:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\V-Games [2013-03-19 12:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\VDownloader [2012-11-15 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\ViGlance [2011-03-04 22:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\VitySoft [2010-03-27 22:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\Vivox [2013-03-16 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAGDA\Dane aplikacji\VSRevoGroup [2010-09-05 10:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\ChomikBox [2012-03-04 13:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\IObit [2010-01-09 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\ipla [2012-02-19 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\OpenOffice.org [2011-12-18 09:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\PC Suite [2013-03-22 16:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RODZICE\Dane aplikacji\VDownloader [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >