OTL logfile created on: 2012-11-26 12:22:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 75,00% Memory free 3,84 Gb Paging File | 3,59 Gb Available in Paging File | 93,36% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 4,24 Gb Free Space | 6,21% Space Free | Partition Type: NTFS Drive D: | 80,68 Gb Total Space | 78,03 Gb Free Space | 96,72% Space Free | Partition Type: NTFS Drive F: | 1,95 Gb Total Space | 0,22 Gb Free Space | 11,32% Space Free | Partition Type: FAT32 Computer Name: PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-20 14:39:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2010-03-28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2003-12-02 14:13:50 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012-05-30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010-03-28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-10-27 20:14:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010-03-28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Admin\USTAWI~1\Temp\pxtdapow.sys -- (pxtdapow) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\USTAWI~1\Temp\GPU-Z.sys -- (GPU-Z) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011-06-02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-06-02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-06-02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011-06-02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010-12-21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb) DRV - [2008-05-20 16:15:14 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008-03-13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2008-02-25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-02-14 17:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007-11-02 23:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2006-08-11 14:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) DRV - [2006-07-05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2005-12-22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-11-16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-01 17:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={38731345-303E-4629-B19E-A518C3EDA2ED} IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{176504C4-13D4-4158-A0DA-A8559B4F4DA8}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={38731345-303E-4629-B19E-A518C3EDA2ED} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={38731345-303E-4629-B19E-A518C3EDA2ED} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=9c5a4534-81ad-11e1-8237-0018dec027af IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=POS&o=102879&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6D&apn_dtid=YYYYYYYYPL&apn_uid=78EDF986-61F0-4363-9630-18556D3E9600&apn_sauid=C47E38DD-3E52-420D-B3A7-572D63C67137 IE - HKCU\..\SearchScopes\{176504C4-13D4-4158-A0DA-A8559B4F4DA8}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={38731345-303E-4629-B19E-A518C3EDA2ED} IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4e726ffc&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={38731345-303E-4629-B19E-A518C3EDA2ED} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?st=1" FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: {c69f0dbb-eb39-cc1d-b2b6-29818f569533}:4.6.8.5 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.7.0.3 FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.16.0.3 FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={38731345-303E-4629-B19E-A518C3EDA2ED}&src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?barid={38731345-303E-4629-B19E-A518C3EDA2ED}&src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 20:14:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-27 20:14:09 | 000,000,000 | ---D | M] [2008-10-02 15:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions [2012-11-08 19:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions [2011-11-30 17:00:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-19 20:30:07 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} [2012-04-02 09:31:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-11-08 19:31:15 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2012-11-06 20:50:22 | 000,189,128 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011-01-20 21:58:52 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\askcom.xml [2012-11-13 21:56:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-1.xml [2011-09-09 12:25:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-10.xml [2011-09-15 19:00:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-11.xml [2011-11-10 20:32:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-12.xml [2011-12-22 20:55:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-13.xml [2012-01-20 19:33:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-14.xml [2012-02-07 12:58:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-15.xml [2012-02-12 21:33:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-16.xml [2012-02-13 08:07:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-17.xml [2012-02-19 18:56:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-18.xml [2012-03-17 16:46:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-19.xml [2010-12-12 20:28:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-2.xml [2012-04-02 18:02:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-20.xml [2012-04-08 20:05:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-21.xml [2012-04-11 21:50:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-22.xml [2012-04-26 10:01:31 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-23.xml [2012-04-26 13:40:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-24.xml [2012-05-13 17:00:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-25.xml [2012-08-10 20:28:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-26.xml [2012-09-09 17:15:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-27.xml [2012-10-22 14:35:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-28.xml [2012-10-28 17:32:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-29.xml [2011-01-20 21:58:30 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-3.xml [2012-10-28 20:51:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-30.xml [2011-03-06 16:51:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-4.xml [2011-03-23 22:03:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-5.xml [2011-05-02 18:52:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-6.xml [2011-06-22 21:52:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-7.xml [2011-08-21 21:41:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-8.xml [2011-09-01 13:42:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin-9.xml [2010-11-17 12:57:13 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\icqplugin.xml [2011-09-17 22:04:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\MyStart Search.xml [2012-04-08 20:05:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\startsear.xml [2012-11-10 00:02:05 | 000,003,983 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\rximxdfr.default\searchplugins\sweetim.xml [2012-10-27 20:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-10-27 20:14:03 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-10-27 20:14:03 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{c69f0dbb-eb39-cc1d-b2b6-29818f569533} File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012-02-29 19:56:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-10-27 20:14:22 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-02-29 19:56:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-01-02 10:48:42 | 000,083,456 | ---- | M] (StartSearch ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012-09-09 17:12:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012-10-20 21:34:09 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://startsear.ch/?aff=1&cf=9c5a4534-81ad-11e1-8237-0018dec027af CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=9c5a4534-81ad-11e1-8237-0018dec027af&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://startsear.ch/?aff=1&cf=9c5a4534-81ad-11e1-8237-0018dec027af CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: avast! WebRep = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Click to call with Skype = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: avast! WebRep = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Click to call with Skype = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ O1 HOSTS File: ([2012-11-15 12:29:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.48.32.190 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFBF7E8-743C-4578-AE5B-F3B6C14CE99D}: DhcpNameServer = 10.48.32.190 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-05-20 11:29:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011-10-25 09:09:42 | 000,000,177 | ---- | M] () - F:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-21 11:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\DoctorWeb [2012-11-21 11:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit\CC Support [2012-11-21 11:06:56 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012-11-21 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-11-15 20:57:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012-11-15 18:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012-11-15 18:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2012-11-15 12:49:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012-11-14 14:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012-11-14 13:08:03 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll [2012-11-10 21:10:54 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-11-10 21:06:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012-11-10 17:58:59 | 000,000,000 | ---D | C] -- C:\found.003 [2012-11-10 17:01:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne [2012-11-10 17:01:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Moje wideo [2012-11-10 17:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012-11-07 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012-11-06 21:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Corel [2012-11-06 21:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CorelDRAW Graphics Suite 12 [2012-11-06 21:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2012-11-06 21:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2012-11-06 20:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CorelDRAW Graphics Suite 12 Installer [2012-11-06 20:54:55 | 190,255,240 | ---- | C] (Corel Corporation ) -- C:\Documents and Settings\Admin\Pulpit\CorelDRAWGraphicsSuite12.exe [2012-10-31 22:33:42 | 000,000,000 | ---D | C] -- C:\angielski_tmp [2012-10-29 21:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Munich [2012-10-27 20:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-26 12:15:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-861567501-1801674531-1003UA.job [2012-11-26 11:51:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-11-26 08:56:16 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-11-26 08:55:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-11-26 07:52:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-11-21 16:31:57 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\DrWeb.csv [2012-11-21 11:14:12 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-11-21 11:06:56 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012-11-21 10:36:13 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-11-15 20:51:54 | 000,538,364 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-11-15 20:51:54 | 000,475,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-11-15 20:51:54 | 000,108,124 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-11-15 20:51:54 | 000,085,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-11-15 18:34:50 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-11-15 12:29:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012-11-14 18:14:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-861567501-1801674531-1003Core.job [2012-11-14 14:57:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012-11-14 14:38:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-11-11 21:36:30 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012-11-11 21:36:30 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\D656D09E81.sys [2012-11-11 20:57:57 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-11-11 20:52:10 | 016,145,397 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\ktosik.cpt [2012-11-10 22:03:25 | 000,000,394 | ---- | M] () -- C:\WINDOWS\capture.ini [2012-11-09 21:18:18 | 013,386,681 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Something like me!.cpt [2012-11-09 21:18:18 | 013,386,681 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Kopia Something like me!.cpt [2012-11-09 19:57:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2012-11-08 21:58:10 | 013,129,440 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSCN1236 corel.cpt [2012-11-08 21:01:56 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Iska.BMP [2012-11-08 21:00:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-11-04 17:16:36 | 000,091,331 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\ti1q.jpg [2012-11-02 20:55:24 | 000,388,703 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Teksty pieśni.jpg [2012-10-28 00:20:44 | 000,314,320 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Wos 2.jpg [2012-10-28 00:03:12 | 000,476,340 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Wos 1.jpg [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-21 16:31:57 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\DrWeb.csv [2012-11-15 15:58:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Admin\Menu Start\Programy\.lnk [2012-11-10 22:44:50 | 016,145,397 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\ktosik.cpt [2012-11-10 22:03:23 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini [2012-11-10 21:11:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-11-10 21:10:56 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-11-09 21:21:09 | 013,386,681 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Kopia Something like me!.cpt [2012-11-09 20:31:46 | 013,386,681 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Something like me!.cpt [2012-11-08 21:58:09 | 013,129,440 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSCN1236 corel.cpt [2012-11-08 21:01:56 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Iska.BMP [2012-11-06 21:01:37 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D656D09E81.sys [2012-11-04 17:16:33 | 000,091,331 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\ti1q.jpg [2012-11-02 20:55:24 | 000,388,703 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Teksty pieśni.jpg [2012-10-28 00:20:42 | 000,314,320 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Wos 2.jpg [2012-10-28 00:03:10 | 000,476,340 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Wos 1.jpg [2012-07-31 20:28:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\DSC_0029.JPG [2012-07-31 20:28:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\1120002.JPG [2012-07-31 20:28:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\bank.JPG [2012-06-17 17:47:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\fizyka - cz.5.jpg [2012-06-17 17:47:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\fizyka - cz.4.jpg [2012-06-07 21:35:29 | 000,035,328 | ---- | C] () -- C:\WINDOWS\UninstallPompei.exe [2012-05-30 18:57:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\winscp.rnd [2012-05-11 13:41:31 | 000,657,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-03-06 17:07:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012-02-15 08:13:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-08 19:41:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Piesn XII.rtf [2011-10-27 13:34:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011-10-22 20:17:26 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011-10-21 21:41:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Seb..jpg [2011-09-21 20:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\b133bf66001c3b784a2bdf8e.mp3 [2011-09-21 20:08:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\6411fad200286a674bf03da8.mp3 [2011-09-19 19:44:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\file.png [2011-09-19 19:42:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\geografia-aga.jpg [2011-09-17 22:13:35 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-09-17 16:17:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011-08-30 21:18:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\mc.png [2011-06-07 10:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011-06-07 10:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011-06-07 10:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011-06-07 10:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011-06-07 10:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011-05-07 21:36:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\DSC01489.JPG [2011-05-06 20:30:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\DSC01611.JPG [2011-05-05 19:17:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\niemcol 001.jpg [2011-01-19 20:06:51 | 000,000,096 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS [2011-01-19 20:06:51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll [2010-08-09 17:03:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Hymn MME.mp3 [2010-04-30 20:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Grupa O - Podobne przypadki.mp3 [2009-12-25 20:18:54 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\fvgqad.dat [2009-11-03 18:46:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\skanowanie0001.jpg [2009-08-28 18:45:26 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-18 13:45:17 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Admin\jagex_runescape_preferences.dat [2009-06-19 22:00:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\3ab495dd1e.jpeg [2009-06-09 18:58:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\mata.jpg [2009-06-09 18:03:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obrazl.jpg [2009-06-09 18:01:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obraz.jpg [2009-06-02 17:48:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obraz4.jpg [2009-06-02 17:48:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obraz3.jpg [2009-06-02 17:44:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obraz1.jpg [2009-06-02 17:43:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Obraz2.jpg [2009-05-29 19:18:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\SDC11388.JPG [2009-04-29 16:32:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\fiza.jpg [2008-05-21 12:51:15 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2008-05-21 10:37:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012-08-30 21:33:28 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 21:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >