OTL logfile created on: 2012-07-25 19:06:08 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Dunio\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,05% Memory free 3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,69% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 100,01 Gb Total Space | 58,74 Gb Free Space | 58,73% Space Free | Partition Type: NTFS Drive E: | 132,88 Gb Total Space | 7,89 Gb Free Space | 5,94% Space Free | Partition Type: NTFS Computer Name: CPU-EA0887813E5 | User Name: Dunio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-25 17:04:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dunio\Pulpit\OTL.exe PRC - [2012-07-21 00:20:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programy\Mozilla Firefox\firefox.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-03-19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012-03-19 19:32:00 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012-03-16 17:07:00 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2012-03-16 17:06:56 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2012-02-15 17:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe PRC - [2011-08-03 12:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2008-08-07 02:00:00 | 000,028,672 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0415Mon.exe PRC - [2008-04-14 17:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-21 00:20:36 | 002,003,424 | ---- | M] () -- E:\Programy\Mozilla Firefox\mozjs.dll MOD - [2012-02-15 17:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe MOD - [2009-07-08 10:58:18 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-07-21 00:20:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-03-19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012-03-16 17:07:00 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2011-08-03 12:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-03-19 19:32:02 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2012-03-16 17:06:52 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011-09-20 13:40:11 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011-09-20 13:40:11 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-01-27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2010-01-11 14:30:10 | 002,106,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009-08-04 02:01:00 | 000,286,208 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0415Vid.sys -- (V0415Vid) DRV - [2009-07-01 11:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2009-07-01 11:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009-06-30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2009-06-15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2008-04-30 08:43:42 | 000,160,768 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0415Afx.sys -- (V0415Afx) DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1331001876_471321 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=000fd298-3649-11e1-a01e-485b399272ac&q={searchTerms} IE - HKLM\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=000fd298-3649-11e1-a01e-485b399272ac&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1331001876_471321 IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=000fd298-3649-11e1-a01e-485b399272ac&q={searchTerms} IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\SearchScopes\{57B3FE9D-374D-4657-83EA-B238D45D43DC}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\SearchScopes\{D0E260ED-C191-421F-A7C8-2F23B6C4C09D}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=884b4a26000000000000485b399272ac IE - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google " FF - prefs.js..browser.startup.homepage: "google.pl" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: E:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programy\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-05-09 16:13:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programy\Mozilla Firefox\components [2012-07-21 00:20:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programy\Mozilla Firefox\plugins [2012-06-18 11:53:39 | 000,000,000 | ---D | M] [2011-08-01 10:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dunio\Dane aplikacji\Mozilla\Extensions [2012-07-25 15:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dunio\Dane aplikacji\Mozilla\Firefox\Profiles\j701ja2a.default\extensions [2012-07-25 15:40:32 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Dunio\Dane aplikacji\Mozilla\Firefox\Profiles\j701ja2a.default\extensions\firefox@ghostery.com [2012-05-29 17:26:59 | 000,000,000 | ---D | M] (Easyfiles.pl) -- C:\Documents and Settings\Dunio\Dane aplikacji\Mozilla\Firefox\Profiles\j701ja2a.default\extensions\jid0-AIN8s96XTXSdoA5VIafBvp0tpBY@jetpack [2012-03-18 17:03:19 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dunio\Dane aplikacji\Mozilla\Firefox\Profiles\j701ja2a.default\searchplugins\startsear.xml [2012-01-12 23:34:43 | 000,008,797 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DUNIO\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\J701JA2A.DEFAULT\EXTENSIONS\{E9AD55AB-4D1C-42D2-A40C-A5563A9AD5E6}.XPI [2012-06-15 15:15:15 | 000,146,198 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DUNIO\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\J701JA2A.DEFAULT\EXTENSIONS\NOIA4OPTIONS@ARIST2.XPI [2012-04-18 13:46:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://google.com/ CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=000fd298-3649-11e1-a01e-485b399272ac&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: StartSearch Video plug-in (Enabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll CHR - plugin: StartSearch Video plug-in (Enabled) = E:\Programy\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = E:\Programy\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Veetle TV Player (Enabled) = E:\Programy\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = E:\Programy\Veetle\plugins\npVeetle.dll CHR - Extension: YouTube = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Gmail = C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011-10-05 12:30:57 | 000,000,797 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 realmadryt.net O1 - Hosts: 127.0.0.1 www.realmadryt.net O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Programy\Flashget\jccatch.dll (www.flashget.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Programy\Flashget\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe () O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-1801674531-1563985344-682003330-1006..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1801674531-1563985344-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1801674531-1563985344-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - E:\Programy\Flashget\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - E:\Programy\Flashget\JC_LINK.HTM () O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\Flashget\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\Flashget\flashget.exe (FlashGet.com) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EED432EB-543B-4D8E-A737-E7BE5025DAE7}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LogonInit: DllName - (logonInit.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-08-01 10:04:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-25 18:56:51 | 000,675,896 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dunio\Pulpit\SPTDinst-v181-x86.exe [2012-07-25 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI [2012-07-25 17:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dunio\Pulpit\PES2013_DEMO [2012-07-25 16:42:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dunio\Pulpit\OTL.exe [2012-07-25 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia [2012-07-25 16:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2012-07-25 16:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012-07-10 17:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dunio\Moje dokumenty\The Witcher [2012-07-10 13:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dunio\Pulpit\z dodatkami [2012-07-10 12:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GOG.com [2012-07-08 11:04:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dunio\Recent [2012-06-28 22:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Wiedźmin [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-25 19:00:30 | 000,236,466 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012-07-25 19:00:07 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-07-25 19:00:06 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express Files Updater.job [2012-07-25 18:59:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-25 18:56:52 | 000,675,896 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dunio\Pulpit\SPTDinst-v181-x86.exe [2012-07-25 18:45:08 | 000,567,224 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-07-25 18:45:08 | 000,504,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-07-25 18:45:08 | 000,111,560 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-07-25 18:45:08 | 000,089,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-07-25 18:00:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-682003330-1003UA.job [2012-07-25 17:37:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-07-25 17:04:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dunio\Pulpit\OTL.exe [2012-07-25 16:42:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-07-25 12:00:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-682003330-1003Core.job [2012-07-14 11:59:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Dunio\Pulpit\bez tytułu.bmp [2012-07-11 19:39:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-07-11 19:39:01 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo [2012-07-10 12:43:11 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk [2012-07-08 17:33:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-06-29 10:59:03 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-25 16:57:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\{11622ae6-9c81-0071-849a-34328c9bbf6c}\U\800000cb.@ [2012-07-25 16:57:15 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\{11622ae6-9c81-0071-849a-34328c9bbf6c}\U\00000001.@ [2012-07-25 16:57:11 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\{11622ae6-9c81-0071-849a-34328c9bbf6c}\U\80000000.@ [2012-07-25 16:05:52 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{11622ae6-9c81-0071-849a-34328c9bbf6c}\U\80000000.@ [2012-07-25 16:05:51 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{11622ae6-9c81-0071-849a-34328c9bbf6c}\U\00000001.@ [2012-07-14 11:59:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Dunio\Pulpit\bez tytułu.bmp [2012-07-11 19:39:00 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo [2012-07-10 12:43:11 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk [2012-04-19 19:50:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2012-03-18 17:03:27 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\232c70a3.exe [2012-03-06 23:59:57 | 000,171,008 | ---- | C] () -- C:\WINDOWS\System32\rld.dll [2012-03-06 23:53:59 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\Rld.dll.Download.torrent [2012-03-06 23:23:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2012-03-06 23:09:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini [2012-03-06 12:56:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012-03-06 02:09:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012-03-06 02:09:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011-11-24 22:09:26 | 000,064,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-11-24 21:42:56 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011-09-26 19:19:22 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011-09-26 19:18:48 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011-09-26 14:18:26 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-09-26 14:18:26 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-09-26 14:18:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-09-26 14:18:09 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011-09-26 09:55:55 | 000,000,517 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll [2011-09-09 10:57:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-08-23 00:22:44 | 000,443,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-1563985344-682003330-1003-0.dat [2011-08-21 14:24:46 | 000,081,886 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011-08-12 11:52:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin [2011-08-02 08:20:36 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2011-08-01 11:51:32 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-08-01 11:50:31 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-08-01 11:37:07 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2011-08-01 11:20:15 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011-08-01 11:20:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2011-08-01 10:22:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-08-01 10:22:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-08-01 10:22:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-08-01 10:22:44 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-08-01 10:22:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-08-01 10:20:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-08-01 10:16:12 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2011-08-01 10:10:42 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-01 10:08:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-08-01 10:02:17 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-07-30 19:06:40 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll [2011-07-30 19:06:40 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll [2008-04-14 17:49:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{11622ae6-9c81-0071-849a-34328c9bbf6c}\@ [2008-04-14 17:49:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Dunio\Ustawienia lokalne\Dane aplikacji\{11622ae6-9c81-0071-849a-34328c9bbf6c}\@ [color=#E56717]========== LOP Check ==========[/color] [2012-03-07 00:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2012-05-09 15:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CheckPoint [2011-08-02 09:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2012-01-11 17:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2011-08-21 15:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-05-28 20:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2012-03-09 16:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI [2011-08-07 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM [2011-08-01 18:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RegCure [2012-05-04 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-03-06 23:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint [2012-02-13 23:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\1334 [2012-01-05 18:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Avnex [2012-03-07 00:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Babylon [2012-05-09 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\CheckPoint [2012-07-08 10:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\DAEMON Tools Lite [2011-08-02 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\DAEMON Tools Pro [2011-08-19 17:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\ESET [2011-11-08 00:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Foxit Software [2011-12-08 21:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Gadu-Gadu 10 [2012-05-31 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\ipla [2012-07-24 22:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Might & Magic Heroes VI [2012-02-14 20:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\PhotoScape [2012-04-11 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Sports Interactive [2012-02-17 22:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\Tibia [2011-11-24 21:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dunio\Dane aplikacji\VDownloader [2012-06-22 01:09:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2012-07-25 19:00:06 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\Express Files Updater.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >