OTL logfile created on: 2012-12-19 16:51:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\admin\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015.44 Mb Total Physical Memory | 366.06 Mb Available Physical Memory | 36.05% Memory free
2.01 Gb Paging File | 1.36 Gb Available in Paging File | 67.72% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.91 Gb Free Space | 40.02% Space Free | Partition Type: NTFS

Computer Name: RP-01 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-12-19 16:47:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-12-01 11:02:26 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-14 23:48:00 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2010-01-15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 14:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-06-10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-05-12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005-09-22 15:34:02 | 000,094,208 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\ResPcDev.exe
PRC - [2005-04-21 01:21:04 | 000,057,616 | ---- | M] (Oracle Corporation) -- C:\oledb\bin\omtsreco.exe
PRC - [2004-12-27 14:08:14 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004-08-04 13:00:00 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2004-08-04 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2004-08-03 03:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004-02-24 14:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
PRC - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-12-01 11:02:24 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010-03-15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-02-27 18:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2001-11-17 06:25:08 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-05-14 14:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-05-14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006-05-12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2005-04-21 01:21:04 | 000,057,616 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oledb\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2004-08-03 03:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004-02-24 14:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)
SRV - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009-05-14 14:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-05-14 14:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-05-14 14:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007-11-29 16:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-651377827-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-06 05:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-01 11:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-01 11:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-10-20 07:26:10 | 000,000,000 | ---D | M]

[2011-04-07 18:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions
[2012-12-19 16:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\oms4q5xn.default\extensions
[2012-12-19 16:17:13 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\oms4q5xn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012-12-01 11:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-01 11:02:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003-01-13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files\mozilla firefox\plugins\npjp2.dll
[2012-11-09 15:25:05 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-11-09 15:25:05 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-11-09 15:25:05 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-11-09 15:25:05 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-11-09 15:25:05 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-11-09 15:25:05 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Panasonic Device Manager for KX-FLB800/FLM650 Series] C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\ResPcDev.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for KX-FLB800/FLM650 Series] C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\KmPcFax.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: IWBQAGNT = rundll32 "C:\WINDOWS\system32\desktopw.dll",Rmlmu
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 1
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 1 = desk.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 2 = firewall.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 3 = igfxcpl.cpl (Intel Corporation)
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 4 = inetcpl.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 5 = intl.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1296147129-491084846-1746094503-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 6 = main.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-527237240-651377827-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-651377827-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-527237240-651377827-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-527237240-651377827-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quicks01.finnair.fi/qp2.cab (QuickPlace Class)
O16 - DPF: {3B16EE42-4CE4-11D4-94EE-00105AF1A46C} file://D:\data\EpicUtils32.cab (Utilities Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51DEFAC1-EA76-4550-958C-9AED879736F8}: Domain = lhc.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51DEFAC1-EA76-4550-958C-9AED879736F8}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-29 19:19:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-12-19 16:32:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012-12-19 16:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-12-01 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-12-19 16:53:04 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-19 16:52:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296147129-491084846-1746094503-2242UA.job
[2012-12-19 16:44:05 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-651377827-682003330-1003UA.job
[2012-12-19 16:43:58 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Google Chrome.lnk
[2012-12-19 16:30:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-651377827-682003330-1003Core.job
[2012-12-19 16:28:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-12-19 16:14:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-19 16:13:31 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-19 15:52:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296147129-491084846-1746094503-2242Core.job
[2012-12-19 12:53:34 | 000,000,035 | ---- | M] () -- C:\WINDOWS\WSTXV32.INI
[2012-12-19 00:26:10 | 000,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-12-19 00:26:10 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-12-19 00:26:10 | 000,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-12-19 00:26:09 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-12-19 00:21:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-05 00:01:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-12-05 00:01:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-11-29 13:15:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-05 00:01:11 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2011-11-12 17:47:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-04 11:17:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011-06-04 11:17:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011-06-04 11:17:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011-04-23 12:13:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011-01-22 14:37:55 | 000,110,592 | RHS- | C] () -- C:\WINDOWS\System32\desktopw.dll
[2011-01-16 18:27:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008-05-30 02:47:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\admin\ntuser.pol

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2008-05-29 19:40:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010-04-16 16:37:03 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:22:07 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2008-09-25 13:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Panasonic
[2009-12-04 16:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Panasonic
[2009-10-20 07:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2011-07-02 09:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-04-08 10:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSScanAppDataDir
[2008-09-26 00:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Panasonic
[2012-12-05 00:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\AIMP3
[2008-12-22 13:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\AMPSoft
[2012-08-10 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\ArcaVirMicroScan
[2012-02-10 10:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\Esevik
[2010-10-28 08:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\M2B
[2008-10-19 23:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\Panasonic
[2009-03-07 16:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\PaperTypes
[2008-10-21 15:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\Photodex
[2010-12-18 17:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\TeamViewer
[2009-01-01 10:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\Thinstall
[2012-02-21 08:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rampa\Dane aplikacji\Ywax

[color=#E56717]========== Purity Check ==========[/color]

< End of report >