OTL logfile created on: 2012-11-22 09:51:53 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ \Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,04% Memory free 5,34 Gb Paging File | 4,49 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,07 Gb Total Space | 16,63 Gb Free Space | 42,58% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 110,90 Gb Free Space | 57,22% Space Free | Partition Type: NTFS Drive E: | 3,69 Gb Total Space | 3,32 Gb Free Space | 90,09% Space Free | Partition Type: FAT32 Computer Name: JAREK | User Name:   | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-21 20:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ \Pulpit\OTL.exe PRC - [2012-10-28 20:12:35 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012-09-02 10:07:47 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011-07-29 00:10:10 | 000,897,024 | ---- | M] (Arcai.com) -- C:\Program Files\netcut\netcut.exe PRC - [2011-07-28 16:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files\netcut\services\aips.exe PRC - [2010-08-12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2010-08-12 13:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-09-12 18:25:18 | 000,005,120 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe PRC - [2009-04-10 18:29:08 | 000,037,888 | ---- | M] () -- C:\ZAINSTALOWANE PROGRAMY !\Winamp\winampa.exe PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-11-26 09:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\ZAINSTALOWANE PROGRAMY !\RocketDock\RocketDock.exe PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-10-28 20:12:34 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2010-11-04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll MOD - [2009-09-12 18:25:18 | 000,005,120 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe MOD - [2009-04-10 18:29:08 | 000,037,888 | ---- | M] () -- C:\ZAINSTALOWANE PROGRAMY !\Winamp\winampa.exe MOD - [2009-01-09 16:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\ZAINSTALOWANE PROGRAMY !\RocketDock\RocketDock.exe MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\ZAINSTALOWANE PROGRAMY !\RocketDock\RocketDock.dll MOD - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006-09-21 12:59:14 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx MOD - [2006-09-14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\0A00~1\USTAWI~1\Temp\hpdj00.exe -- (hpdj00) SRV - [2012-10-28 20:12:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-10-19 18:22:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-09-24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-06-07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-07-28 16:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files\netcut\services\aips.exe -- (AIPS) SRV - [2010-08-12 13:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2010-08-12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009-09-12 18:25:18 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc) SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2004-03-18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UIUSys) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\efnqvsi.sys -- (tiarkee) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RTL8187B) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (ntiomin) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ak9s9c88) DRV - [2010-11-12 00:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010-08-04 10:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010-08-03 12:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2010-07-29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-06-25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010-03-21 23:55:56 | 000,085,504 | ---- | M] () [Kernel | Auto | Running] -- D:\Moto\Portable_Ubuntu_TRES\colinux\linux.sys -- (CoLinuxDriver) DRV - [2009-09-12 18:25:32 | 000,051,448 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prio.sys -- (prio) DRV - [2009-06-14 20:14:07 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-09-11 09:18:36 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2008-09-11 09:18:36 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2008-04-27 10:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008-04-24 22:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-04-24 22:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-04-24 22:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008-04-22 07:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2008-04-13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008-02-08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD) DRV - [2007-12-18 12:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2007-11-01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007-11-01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007-11-01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007-05-23 22:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2007-04-16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007-01-07 17:11:22 | 000,100,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssbcmdm.sys -- (ssbcmdm) DRV - [2007-01-07 17:11:18 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssbcmdfl.sys -- (ssbcmdfl) DRV - [2007-01-07 17:10:28 | 000,066,880 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssbcbus.sys -- (ssbcbus) DRV - [2006-12-13 17:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2006-11-10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005-10-09 04:26:40 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre1.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100479&tt=090212_ctrl&babsrc=SP_ss&mntrId=54cd9be300000000000000234da3dc81 IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{32F220E5-4077-4202-B577-A76449083AF4}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_pl IE - HKCU\..\SearchScopes\{78B0E33A-553B-436A-BEB4-AC860A40CC53}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms} IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/driveridentifier/{E01BE046-9D0F-479C-A010-C909CA0FAE09}?q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 IE - HKCU\..\SearchScopes\{D1F69A15-607A-40BB-A02E-DEFB236CD921}: "URL" = http://www.dymasearch.com/search.php?src=tops&q={SearchTerms} IE - HKCU\..\SearchScopes\{D629C976-88F4-4014-9127-D49CE70EB691}: "URL" = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..browser.startup.homepage: "http://www.dymasearch.com/" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..keyword.URL: "http://www.dymasearch.com/search.php?src=tops&q=" FF - prefs.js..keyword.enabled: true FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "http://www.dymasearch.com/search.php?src=tops&q=" FF - user.js..browser.search.openintab: false FF - user.js..keyword.enabled: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\ZAINSTALOWANE PROGRAMY !\Picasso3\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-02 10:08:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-20 20:36:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-20 20:35:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-10-23 13:07:19 | 000,000,000 | ---D | M] [2010-11-26 15:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Extensions [2010-11-26 15:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions [2010-11-26 15:32:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010-11-26 15:37:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-26 15:32:25 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2010-11-26 15:32:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010-11-26 15:32:25 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66} [2010-11-26 15:32:26 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} [2010-11-26 15:32:28 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{5b175400-2368-11de-8c30-0800200c9a66} [2010-11-26 15:32:27 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-11-26 15:32:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-11-26 15:32:29 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\05cttw7h.Jarek nowy\extensions\bloodfire@example.com [2012-11-20 20:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions [2012-11-20 20:35:55 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2010-11-26 15:44:02 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}(2) [2012-08-23 12:39:12 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} [2011-09-12 07:51:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010-11-26 15:44:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(2) [2010-11-26 15:44:02 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}(2) [2010-11-26 15:44:02 | 000,000,000 | ---D | M] (Alabama Crimson Tide) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{421d78a0-6f2e-11de-867e-0002a5d5c51b}(2) [2011-04-28 08:03:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(2) [2010-11-26 15:44:03 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}(2) [2010-11-26 15:44:03 | 000,000,000 | ---D | M] (Nuri) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}(2) [2010-11-26 15:44:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2010-12-26 21:53:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2011-04-28 08:03:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(4) [2012-11-20 20:47:47 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66} [2010-11-26 15:44:03 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}(2) [2012-10-27 19:26:17 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2010-11-26 15:44:03 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\bloodfire@example(2).com [2012-11-20 20:35:56 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\info@djzig.com [2010-11-26 15:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\ogkm2cy9.default\extensions [2010-11-26 15:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\ogkm2cy9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-11-26 15:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\ogkm2cy9.default\extensions\bloodfire@example.com [2010-11-26 15:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\y7uhrxxv.nev 2\extensions [2010-11-26 15:32:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\y7uhrxxv.nev 2\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-11-20 19:25:13 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\personas@christopher.beard.xpi [2012-09-07 05:50:47 | 000,269,659 | ---- | M] () (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-11-20 19:30:04 | 002,966,066 | ---- | M] () (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-07-27 19:37:01 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\dn5wd2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2009-07-25 21:33:49 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\3x5s4nds.default\searchplugins\Search.xml [2009-02-15 21:34:39 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\ \Dane aplikacji\Mozilla\Firefox\Profiles\3x5s4nds.default\searchplugins\Yoog Search.xml [2012-11-20 20:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-11-20 20:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-11-20 20:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012-11-20 20:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\staged [2012-11-20 19:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions [2012-11-20 20:36:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-11-20 19:17:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012-11-20 19:16:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) [2012-11-20 19:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\ffxtlbr@babylon.com [2012-11-20 19:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\staged [2012-10-28 20:12:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-09-02 10:07:51 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll O1 HOSTS File: ([2012-01-25 15:23:47 | 000,429,281 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14803 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre1.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\ZAINSTALOWANE PROGRAMY !\Expressivo\IH_iexplore.dll (IVO Software Sp. z o.o.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\ZAINSTALOWANE PROGRAMY !\Expressivo\IH_iexplore.dll (IVO Software Sp. z o.o.) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\prxtbFre1.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\ZAINSTALOWANE PROGRAMY !\Winamp\winampa.exe () O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [ccleaner] C:\ZAINSTALOWANE PROGRAMY !\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GG] C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (GG Network S.A.) O4 - HKCU..\Run: [RocketDock] C:\ZAINSTALOWANE PROGRAMY !\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Twoje TVN24] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342008590359 (MUWebControl Class) O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} http://89.231.4.134:8090/program/SonyNetworkCameraViewer.cab (Sony Network Camera Viewer Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA21E5E-3B08-4926-8AB9-F13168CC1A51}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA21E5E-3B08-4926-8AB9-F13168CC1A51}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-15 14:45:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-21 20:30:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ \Pulpit\OTL.exe [2012-11-21 14:34:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ \Recent [2012-11-20 20:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012-11-10 17:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ \Moje dokumenty\Moje pokazy programu Snapfire [2012-11-10 17:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ \Moje dokumenty\Moje pliki PSP [2012-11-10 16:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Corel [2012-11-08 17:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime [2012-10-27 20:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ \Dane aplikacji\CrystalIdea Software [2012-10-27 20:40:41 | 000,589,344 | ---- | C] (SpeedyFox) -- C:\Documents and Settings\ \Pulpit\speedyfox.exe [2012-10-25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2012-10-25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-22 09:47:03 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4B35ABAA-5376-4EF2-A12C-005CB9C433B0}.job [2012-11-22 09:44:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-11-22 09:40:18 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1085031214-839522115-1003UA.job [2012-11-22 09:21:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-11-21 21:40:23 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012-11-21 20:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ \Pulpit\OTL.exe [2012-11-21 20:27:39 | 000,578,664 | ---- | M] () -- C:\Documents and Settings\ \Pulpit\OTL(19450).exe [2012-11-21 19:44:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-11-21 18:40:00 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1085031214-839522115-1003Core.job [2012-11-21 14:32:19 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1085031214-839522115-1003.job [2012-11-21 14:32:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1085031214-839522115-1003.job [2012-11-21 14:32:11 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-11-21 14:28:17 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Hzsolo.job [2012-11-21 14:28:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-11-20 20:35:08 | 000,359,166 | ---- | M] () -- C:\Documents and Settings\ \Pulpit\Schowek.jpg [2012-11-18 13:53:44 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2012-11-17 22:58:42 | 000,006,372 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012-11-17 21:14:32 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\81AC3392E7.sys [2012-11-17 09:22:07 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\iprtpriol.dll [2012-11-16 20:18:28 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-11-16 20:04:20 | 000,556,176 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-11-16 20:04:20 | 000,488,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-11-16 20:04:20 | 000,117,206 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-11-16 20:04:20 | 000,090,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-11-15 17:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012-11-10 16:58:52 | 000,476,752 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe [2012-11-10 11:19:32 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-11-08 17:30:56 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2012-10-28 22:29:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-10-27 20:40:47 | 000,589,344 | ---- | M] (SpeedyFox) -- C:\Documents and Settings\ \Pulpit\speedyfox.exe [2012-10-25 17:10:41 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\ \Pulpit\GG.lnk [2012-10-25 12:40:06 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk [2012-10-25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2012-10-25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-21 20:27:35 | 000,578,664 | ---- | C] () -- C:\Documents and Settings\ \Pulpit\OTL(19450).exe [2012-11-20 20:35:08 | 000,359,166 | ---- | C] () -- C:\Documents and Settings\ \Pulpit\Schowek.jpg [2012-11-17 09:22:07 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\iprtpriol.dll [2012-11-17 09:22:07 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Hzsolo.job [2012-11-10 16:58:52 | 000,476,752 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe [2012-11-10 16:42:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\81AC3392E7.sys [2012-11-08 17:30:56 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2012-11-05 13:52:21 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1085031214-839522115-1003.job [2012-10-25 17:10:41 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\ \Pulpit\GG.lnk [2012-07-15 14:32:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012-07-15 14:31:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2012-07-15 14:28:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2012-06-28 19:58:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012-04-18 19:19:35 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SonyNetworkCameraViewer.ini [2012-03-15 18:37:37 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2012-02-28 19:49:34 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdemtrt.sys [2012-02-15 08:39:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-02-11 17:18:25 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012-01-25 15:33:45 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xbjidh.sys [2012-01-17 15:10:53 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012-01-17 15:10:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012-01-17 15:10:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-09-07 12:21:07 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\ \.recently-used.xbel [2011-07-30 19:51:00 | 000,006,372 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011-07-30 19:51:00 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9FF98281E4.sys [2011-07-18 19:22:57 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ReminderNextRun [2010-05-07 18:57:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\ \.esd_auth [2010-05-07 18:57:31 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\ \.pulse-cookie [2009-11-05 13:16:13 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\ \Dane aplikacji\prio.ini [2009-06-09 20:58:30 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009-03-29 22:44:51 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\ \BAT [2009-01-26 20:36:47 | 006,870,392 | ---- | C] () -- C:\Documents and Settings\ \mixxxtrack.xml [2009-01-26 20:36:47 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\ \mixxxbpmschemes.xml [2009-01-16 22:11:19 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-01-16 12:27:14 | 000,178,176 | ---- | C] () -- C:\Documents and Settings\ \Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006-12-01 07:40:54 | 000,012,162 | ---- | C] () -- C:\Documents and Settings\ \ExpressivoDictionary.xml [2006-12-01 07:40:54 | 000,004,237 | ---- | C] () -- C:\Documents and Settings\ \ExpressivoCfg.xml [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-01-16 22:06:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 18:20:47 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 18:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >