OTL logfile created on: 2013-11-18 17:01:53 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = F:\skanowanie antywirusowe Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,55 Mb Total Physical Memory | 299,21 Mb Available Physical Memory | 29,23% Memory free 2,00 Gb Paging File | 1,19 Gb Available in Paging File | 59,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,73 Gb Total Space | 22,72 Gb Free Space | 46,64% Space Free | Partition Type: NTFS Drive D: | 25,70 Gb Total Space | 25,61 Gb Free Space | 99,65% Space Free | Partition Type: NTFS Drive F: | 14,43 Gb Total Space | 0,61 Gb Free Space | 4,26% Space Free | Partition Type: FAT32 Computer Name: PP18-NA | User Name: Nauczyciele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-11-18 11:04:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\skanowanie antywirusowe\OTL.scr PRC - [2013-10-08 12:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe PRC - [2013-05-11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-05-03 09:29:14 | 000,178,176 | ---- | M] () -- C:\Program Files\AppTools\AppToolsService.exe PRC - [2013-05-02 16:33:00 | 000,758,848 | ---- | M] () -- C:\Program Files\AppTools\tools\adb.exe PRC - [2013-05-02 16:32:38 | 000,185,920 | ---- | M] (Elex) -- C:\Program Files\AppTools\AppToolsHelper.exe PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-10-11 13:24:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll MOD - [2013-10-11 13:23:11 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll MOD - [2013-09-05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2013-08-30 07:29:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll MOD - [2013-08-30 07:28:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll MOD - [2013-08-30 07:28:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013-07-12 08:30:01 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013-05-02 16:33:00 | 000,758,848 | ---- | M] () -- C:\Program Files\AppTools\tools\adb.exe MOD - [2013-05-02 16:32:46 | 000,040,512 | ---- | M] () -- C:\Program Files\AppTools\ddmlib.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-11-05 13:34:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-10-08 12:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe -- (NAV) SRV - [2013-10-06 04:27:28 | 000,129,424 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe -- (NCO) SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-05-11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-05-03 09:29:14 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\Program Files\AppTools\AppToolsService.exe -- (AppToolsService) SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012-09-20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012-09-05 08:05:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\UimBus.sys -- (UimBus) DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\Uim_IM.sys -- (Uim_IM) DRV - [2013-11-18 13:03:32 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013-11-17 01:00:00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131117.023\navex15.sys -- (NAVEX15) DRV - [2013-11-17 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131117.023\naveng.sys -- (NAVENG) DRV - [2013-09-27 20:23:30 | 000,127,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DE06000.01B\ccsetx86.sys -- (ccSet_NST) DRV - [2013-09-27 04:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\SymEFA.sys -- (SymEFA) DRV - [2013-09-27 03:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\Ironx86.sys -- (SymIRON) DRV - [2013-09-27 03:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\srtsp.sys -- (SRTSP) DRV - [2013-09-26 04:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\symnets.sys -- (SymNetS) DRV - [2013-09-26 03:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\ccSetx86.sys -- (ccSet_NAV) DRV - [2013-09-26 03:40:34 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013-09-24 03:24:26 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSvix86.sys -- (IDSVix86) DRV - [2013-09-10 03:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\SymDS.sys -- (SymDS) DRV - [2013-09-10 02:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1501000.012\srtspx.sys -- (SRTSPX) DRV - [2013-08-28 02:09:56 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013-08-28 02:09:56 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-01-22 16:19:16 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2011-01-22 16:19:16 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-01-05 18:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-06-18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [2013-11-18 16:20:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-18 16:22:09 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: YouTube = C:\Users\Nauczyciele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\Nauczyciele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Wallet = C:\Users\Nauczyciele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: Norton Identity Protection = C:\Users\Nauczyciele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\ CHR - Extension: Gmail = C:\Users\Nauczyciele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AppToolsHelper] C:\Program Files\AppTools\AppToolsHelper.exe (Elex) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A28508-8B95-4A11-A63A-EDEBBC0AD8B9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72194761-916E-4DA2-9122-ACD22E546396}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-07-23 11:48:00 | 000,000,000 | ---D | M] - F:\automapa -- [ FAT32 ] O33 - MountPoints2\{1e346ad4-274f-11e2-b375-0016e65a2ad5}\Shell - "" = AutoRun O33 - MountPoints2\{1e346ad4-274f-11e2-b375-0016e65a2ad5}\Shell\AutoRun\command - "" = F:\start.exe O33 - MountPoints2\{238d063c-26dd-11e0-831d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{238d063c-26dd-11e0-831d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-11-18 16:32:01 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Nauczyciele\Desktop\TFC.exe [2013-11-18 16:20:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2013-11-18 13:39:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-11-18 11:17:29 | 000,000,000 | ---D | C] -- C:\FRST [2013-11-15 07:20:32 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013-11-15 07:20:31 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013-11-15 07:20:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013-11-15 07:20:30 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013-11-15 07:20:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013-11-15 07:20:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013-11-15 07:20:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013-11-15 07:20:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013-11-15 07:20:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013-11-15 07:20:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013-11-15 07:18:05 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll [2013-11-15 07:18:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013-11-12 10:45:58 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\AppData\Roaming\Windows Live Writer [2013-11-12 10:45:58 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\AppData\Local\Windows Live Writer [2013-11-12 10:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013-11-12 10:34:07 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\AppData\Local\Windows Live [2013-11-12 10:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2013-11-07 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\Desktop\innowacja [2013-11-05 13:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2013-11-05 13:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2013-11-05 13:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations [2013-11-05 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\AppData\Roaming\HpUpdate [2013-11-05 13:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013-11-05 13:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013-11-05 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013-11-05 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\AppData\Local\HP [2013-11-05 13:34:42 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-11-05 13:34:42 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-10-31 12:51:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013-10-31 12:51:24 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013-10-21 12:21:20 | 000,000,000 | ---D | C] -- C:\Users\Nauczyciele\Desktop\BIEDRONKI [1 C:\Users\Nauczyciele\Desktop\*.tmp files -> C:\Users\Nauczyciele\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-11-18 16:51:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-11-18 16:43:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-11-18 16:31:52 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Nauczyciele\Desktop\TFC.exe [2013-11-18 16:27:54 | 000,015,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-11-18 16:27:53 | 000,015,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-11-18 16:20:02 | 000,001,976 | ---- | M] () -- C:\Users\Nauczyciele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk [2013-11-18 16:19:44 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-11-18 16:19:34 | 001,838,854 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1501000.012\Cat.DB [2013-11-18 16:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-11-18 16:18:23 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys [2013-11-18 16:18:20 | 000,017,830 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1501000.012\VT20131031.017 [2013-11-18 13:03:32 | 000,142,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013-11-18 13:03:32 | 000,008,194 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013-11-18 13:03:32 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013-11-18 10:34:05 | 000,299,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-11-18 10:34:05 | 000,037,606 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-11-18 10:34:05 | 000,016,948 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-11-18 10:34:05 | 000,006,768 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-11-11 18:53:44 | 001,085,542 | ---- | M] () -- C:\Users\Nauczyciele\Desktop\adwcleaner.exe [2013-11-05 13:43:38 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2013-11-05 13:42:16 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Zakup materiałów eksploatacyjnych - HP Deskjet 1050 J410 series.lnk [2013-11-05 13:42:15 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk [2013-11-05 13:36:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013-11-05 13:34:42 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-11-05 13:34:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Users\Nauczyciele\Desktop\*.tmp files -> C:\Users\Nauczyciele\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-11-18 16:23:16 | 001,085,542 | ---- | C] () -- C:\Users\Nauczyciele\Desktop\adwcleaner.exe [2013-11-12 10:40:54 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013-11-05 13:44:14 | 000,001,976 | ---- | C] () -- C:\Users\Nauczyciele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1050 J410 series.lnk [2013-11-05 13:43:37 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2013-11-05 13:42:16 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Zakup materiałów eksploatacyjnych - HP Deskjet 1050 J410 series.lnk [2013-11-05 13:42:15 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk [2013-11-05 13:36:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013-11-05 13:34:56 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-10-03 10:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2012-09-06 11:31:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-11-12 10:45:58 | 000,000,000 | ---D | M] -- C:\Users\Nauczyciele\AppData\Roaming\Windows Live Writer [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2013-10-08 11:29:34 | 000,061,148 | ---- | M] ()(C:\Users\Nauczyciele\Desktop\Plan pracy wychowawczo- dydaktycznej PSZCZ?KI (1).docx) -- C:\Users\Nauczyciele\Desktop\Plan pracy wychowawczo- dydaktycznej PSZCZӣKI (1).docx [2013-10-08 11:29:31 | 000,061,148 | ---- | C] ()(C:\Users\Nauczyciele\Desktop\Plan pracy wychowawczo- dydaktycznej PSZCZ?KI (1).docx) -- C:\Users\Nauczyciele\Desktop\Plan pracy wychowawczo- dydaktycznej PSZCZӣKI (1).docx < End of report >