OTL logfile created on: 2013-04-30 15:33:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Orneta\Documents\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,34% Memory free 6,18 Gb Paging File | 5,72 Gb Available in Paging File | 92,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,41 Gb Total Space | 96,27 Gb Free Space | 64,43% Space Free | Partition Type: NTFS Drive D: | 7,45 Gb Total Space | 7,13 Gb Free Space | 95,62% Space Free | Partition Type: FAT32 Drive E: | 147,21 Gb Total Space | 141,03 Gb Free Space | 95,80% Space Free | Partition Type: NTFS Computer Name: ORNETA-PC | User Name: Orneta | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-30 15:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Orneta\Documents\Downloads\OTL.scr PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-04-09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll MOD - [2013-04-09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013-04-09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-19 23:19:18 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc) SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2008-09-05 20:21:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008-08-26 16:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008-08-19 00:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2008-07-15 17:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2008-05-22 23:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-11-21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006-10-05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006-08-23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013-03-07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013-03-07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013-03-07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013-03-07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013-03-07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013-03-07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-03-07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013-03-07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013-03-07 01:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-07-19 23:19:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012-07-19 23:19:32 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012-07-19 23:19:32 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012-07-19 23:19:32 | 000,066,688 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2012-07-19 23:19:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012-07-19 23:19:32 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2012-07-19 23:19:31 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008-09-17 06:01:02 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008-09-09 12:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-07-15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2008-05-23 04:07:16 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008-05-13 17:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008-05-07 12:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2008-04-23 18:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008-04-15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-03-25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008-03-19 12:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008-02-07 00:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008-01-22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007-12-14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2007-11-29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007-11-09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006-11-28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-10-23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005-01-07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\..\SearchScopes,DefaultScope = {C0753A5F-A70C-4105-85B9-2DE8594E6456} IE - HKLM\..\SearchScopes\{C0753A5F-A70C-4105-85B9-2DE8594E6456}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Orneta\Desktop IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.pl/https://www.google.pl/ [binary data] IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?OCID=OA-Spring IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=5UeFIh-ceZq-zWrCjPqZ-WWQQzQ?q={searchTerms} IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..\SearchScopes\{89FA663F-EC4D-47C5-9FCE-ABC0CCCC2B47}: "URL" = http://isearch.avg.com/search?cid={F9F3C288-F90C-41E3-9E1E-8896C4DF6717}&mid=1a4986d974582b813a496ec850a510e3-106ee64d500ab7c78a0b1047981a080986f51390&lang=pl&ds=AVG&pr=fr&d=2012-06-22 13:50:35&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=UP30DF&PC=UP30&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..\SearchScopes\{C0753A5F-A70C-4105-85B9-2DE8594E6456}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Orneta\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Orneta\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=pl-PL&q={searchTerms} CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: http://msn.gazeta.pl/msn/0,0.html?OCID=OA-Spring CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Orneta\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - Extension: avast! WebRep = C:\Users\Orneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Skype Click to Call = C:\Users\Orneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1910331583-995721130-1152976423-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Orneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis treści programu OneNote.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1910331583-995721130-1152976423-1000\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3EECA6-882C-492E-BDB9-3C15BBA414E8}: DhcpNameServer = 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB44AF60-311D-4EB0-AD46-B386041087E1}: DhcpNameServer = 89.108.195.20 89.108.202.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B40BEBB5-03CE-450E-BD52-8D4CDD32BF97}: DhcpNameServer = 89.108.202.21 89.108.195.21 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Orneta\AppData\Roaming\Microsoft\Windows Photo Gallery\Images\Image1.jpg O24 - Desktop BackupWallPaper: C:\Users\Orneta\AppData\Roaming\Microsoft\Windows Photo Gallery\Images\Image1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c135b1c-9ffb-11e1-a96f-ce37d153c019}\Shell - "" = AutoRun O33 - MountPoints2\{0c135b1c-9ffb-11e1-a96f-ce37d153c019}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0d92d01c-ace9-11e1-9a04-c05db819f830}\Shell - "" = AutoRun O33 - MountPoints2\{0d92d01c-ace9-11e1-9a04-c05db819f830}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{126c55d6-7f20-11e1-8101-cceda463a634}\Shell - "" = AutoRun O33 - MountPoints2\{126c55d6-7f20-11e1-8101-cceda463a634}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{1895decc-d1da-11e1-93ba-b254c861e634}\Shell - "" = AutoRun O33 - MountPoints2\{1895decc-d1da-11e1-93ba-b254c861e634}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{1895decd-d1da-11e1-93ba-b254c861e634}\Shell - "" = AutoRun O33 - MountPoints2\{1895decd-d1da-11e1-93ba-b254c861e634}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1895ded9-d1da-11e1-93ba-dad58f7ea891}\Shell - "" = AutoRun O33 - MountPoints2\{1895ded9-d1da-11e1-93ba-dad58f7ea891}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{1a21bc54-86cf-11e1-9501-e59b9bc74f54}\Shell - "" = AutoRun O33 - MountPoints2\{1a21bc54-86cf-11e1-9501-e59b9bc74f54}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{1c802b9f-9e1c-11de-ab84-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{1c802b9f-9e1c-11de-ab84-00235a06d7f3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{1c802ba3-9e1c-11de-ab84-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{1c802ba3-9e1c-11de-ab84-00235a06d7f3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{1c802c59-9e1c-11de-ab84-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{1c802c59-9e1c-11de-ab84-00235a06d7f3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{21cff2c5-d1e7-11e1-bccc-dd58916be405}\Shell - "" = AutoRun O33 - MountPoints2\{21cff2c5-d1e7-11e1-bccc-dd58916be405}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{22964b4b-a01d-11e1-a0ad-aa80f005aa73}\Shell - "" = AutoRun O33 - MountPoints2\{22964b4b-a01d-11e1-a0ad-aa80f005aa73}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{267a6080-a01c-11e1-bf8f-f4c7ffd2bd44}\Shell - "" = AutoRun O33 - MountPoints2\{267a6080-a01c-11e1-bf8f-f4c7ffd2bd44}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{3a34ac6e-268b-11e2-a2cd-b5fd49b03e68}\Shell - "" = AutoRun O33 - MountPoints2\{3a34ac6e-268b-11e2-a2cd-b5fd49b03e68}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{7361358a-a022-11e1-a144-a41c1724598f}\Shell - "" = AutoRun O33 - MountPoints2\{7361358a-a022-11e1-a144-a41c1724598f}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{898dc424-d1e3-11e1-9374-92964145c9e8}\Shell - "" = AutoRun O33 - MountPoints2\{898dc424-d1e3-11e1-9374-92964145c9e8}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{898dc455-d1e3-11e1-9374-92964145c9e8}\Shell - "" = AutoRun O33 - MountPoints2\{898dc455-d1e3-11e1-9374-92964145c9e8}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{8c848f1c-9e16-11de-84d8-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{8c848f1c-9e16-11de-84d8-00235a06d7f3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{ab80e767-d1db-11e1-bd07-ac60b46d1c00}\Shell - "" = AutoRun O33 - MountPoints2\{ab80e767-d1db-11e1-bd07-ac60b46d1c00}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{abb43307-cfe3-11e1-8dd6-df13300d972b}\Shell - "" = AutoRun O33 - MountPoints2\{abb43307-cfe3-11e1-8dd6-df13300d972b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{abb43312-cfe3-11e1-8dd6-df13300d972b}\Shell - "" = AutoRun O33 - MountPoints2\{abb43312-cfe3-11e1-8dd6-df13300d972b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{abb43327-cfe3-11e1-8dd6-fdc1a796c16d}\Shell - "" = AutoRun O33 - MountPoints2\{abb43327-cfe3-11e1-8dd6-fdc1a796c16d}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{abb43341-cfe3-11e1-8dd6-fdc1a796c16d}\Shell - "" = AutoRun O33 - MountPoints2\{abb43341-cfe3-11e1-8dd6-fdc1a796c16d}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{abb4336b-cfe3-11e1-8dd6-fdc1a796c16d}\Shell - "" = AutoRun O33 - MountPoints2\{abb4336b-cfe3-11e1-8dd6-fdc1a796c16d}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{abb43373-cfe3-11e1-8dd6-c0abc9ce1419}\Shell - "" = AutoRun O33 - MountPoints2\{abb43373-cfe3-11e1-8dd6-c0abc9ce1419}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{aeef1e6c-d195-11e1-818a-b2a3f0487b18}\Shell - "" = AutoRun O33 - MountPoints2\{aeef1e6c-d195-11e1-818a-b2a3f0487b18}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{bc67e736-9d7d-11de-8373-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{bc67e736-9d7d-11de-8373-00235a06d7f3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{bd867cc9-f857-11e1-9818-f344e7c5ea3b}\Shell - "" = AutoRun O33 - MountPoints2\{bd867cc9-f857-11e1-9818-f344e7c5ea3b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{c955ab46-d1e5-11e1-8d1a-f612c23aaae1}\Shell - "" = AutoRun O33 - MountPoints2\{c955ab46-d1e5-11e1-8d1a-f612c23aaae1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c955ab52-d1e5-11e1-8d1a-f612c23aaae1}\Shell - "" = AutoRun O33 - MountPoints2\{c955ab52-d1e5-11e1-8d1a-f612c23aaae1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{cbd9708b-7847-11df-93ff-00235a06d7f3}\Shell - "" = AutoRun O33 - MountPoints2\{cbd9708b-7847-11df-93ff-00235a06d7f3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{cbd97095-7847-11df-93ff-00235a06d7f3}\Shell\AutoRun\command - "" = RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe O33 - MountPoints2\{cbd97095-7847-11df-93ff-00235a06d7f3}\Shell\open\command - "" = RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe O33 - MountPoints2\{cbd970b7-7847-11df-93ff-00235a06d7f3}\Shell\AutoRun\command - "" = RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe O33 - MountPoints2\{cbd970b7-7847-11df-93ff-00235a06d7f3}\Shell\open\command - "" = RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe O33 - MountPoints2\{de09c962-9f73-11e1-bd72-e504ef95f098}\Shell - "" = AutoRun O33 - MountPoints2\{de09c962-9f73-11e1-bd72-e504ef95f098}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{eed8b9b2-d1d1-11e1-8fa6-8b2ee51728d8}\Shell - "" = AutoRun O33 - MountPoints2\{eed8b9b2-d1d1-11e1-8fa6-8b2ee51728d8}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{fb9f90c8-d8e8-11e1-952b-a5697e0bc73f}\Shell - "" = AutoRun O33 - MountPoints2\{fb9f90c8-d8e8-11e1-952b-a5697e0bc73f}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-04-30 09:37:20 | 000,000,000 | -HSD | C] -- C:\found.000 [2013-04-30 09:20:47 | 000,000,000 | ---D | C] -- C:\_OTL [2013-04-30 09:05:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-04-30 08:49:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013-04-30 08:49:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013-04-30 08:49:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013-04-30 08:49:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013-04-30 08:49:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013-04-30 08:49:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013-04-30 08:49:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013-04-30 08:49:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013-04-30 08:40:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013-04-30 08:40:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2013-04-30 08:40:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013-04-30 08:40:23 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013-04-30 08:40:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2013-04-30 08:40:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2013-04-30 08:33:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013-04-30 08:33:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013-04-30 08:32:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013-04-30 08:31:41 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2013-04-30 08:31:40 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2013-04-30 08:31:37 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013-04-30 08:31:36 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013-04-30 08:31:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013-04-30 08:31:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2013-04-30 08:31:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013-04-30 08:31:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013-04-30 08:31:09 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013-04-30 08:25:50 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013-04-30 08:23:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013-04-23 09:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013-04-11 19:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012-02-10 12:07:26 | 007,839,752 | ---- | C] (Infonetax ) -- C:\Users\Orneta\PitySetup.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-30 15:24:06 | 004,486,688 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-04-30 15:24:05 | 004,419,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-04-30 15:24:05 | 003,805,054 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-04-30 15:24:05 | 003,778,724 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-04-30 15:19:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013-04-30 15:19:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-04-30 15:18:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013-04-30 15:18:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013-04-30 15:18:15 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910331583-995721130-1152976423-1000UA.job [2013-04-30 15:18:14 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910331583-995721130-1152976423-1000Core.job [2013-04-30 15:18:03 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-04-30 15:18:03 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-04-30 09:43:35 | 000,321,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-04-29 16:50:33 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013-04-11 19:58:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013-04-11 19:07:09 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-30 08:40:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013-04-30 08:40:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013-04-11 19:07:09 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013-03-28 19:56:08 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013-03-28 19:56:08 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013-03-25 19:16:00 | 000,000,190 | ---- | C] () -- C:\Users\Orneta\Stacja dysków CD — skrót.lnk [2012-07-19 22:51:57 | 000,321,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-19 16:28:57 | 000,000,000 | ---- | C] () -- C:\Users\Orneta\AppData\Local\{B27CAA45-6E26-4EBB-B5EA-593B9303CD15} [2011-02-26 11:16:21 | 000,000,104 | ---- | C] () -- C:\Users\Orneta\E-mail — skrót.lnk [2010-09-15 20:54:58 | 000,024,206 | ---- | C] () -- C:\Users\Orneta\AppData\Roaming\UserTile.png [2010-07-06 15:40:31 | 000,000,680 | ---- | C] () -- C:\Users\Orneta\AppData\Local\d3d9caps.dat [2010-06-21 11:50:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-09-11 20:02:18 | 000,040,960 | ---- | C] () -- C:\Users\Orneta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-08-07 19:25:18 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\AidemMedia [2010-06-13 22:30:22 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\Gadu-Gadu 10 [2013-04-30 08:56:49 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\go [2010-07-18 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\ipla [2010-06-20 21:46:43 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\OpenFM [2012-07-19 14:47:36 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\PeerNetworking [2009-11-02 15:36:09 | 000,000,000 | ---D | M] -- C:\Users\Orneta\AppData\Roaming\Ulead Systems [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2012-07-19 23:34:07 | 000,000,114 | ---- | M] ()(C:\Users\Orneta\Desktop\PR?DKO??.url) -- C:\Users\Orneta\Desktop\PRĘDKOŚĆ.url [2012-07-19 23:33:50 | 000,000,114 | ---- | C] ()(C:\Users\Orneta\Desktop\PR?DKO??.url) -- C:\Users\Orneta\Desktop\PRĘDKOŚĆ.url [2011-08-03 14:46:16 | 000,003,656 | -HS- | M] ()(C:\Users\Orneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis tre?ci programu OneNote.onetoc2) -- C:\Users\Orneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis treści programu OneNote.onetoc2 [2011-08-03 14:46:16 | 000,003,656 | -HS- | C] ()(C:\Users\Orneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis tre?ci programu OneNote.onetoc2) -- C:\Users\Orneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis treści programu OneNote.onetoc2 < End of report >