OTL logfile created on: 2013-06-10 00:17:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tomasz Mikołajczyk\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 84,94% Memory free
14,84 Gb Paging File | 14,48 Gb Available in Paging File | 97,59% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 4,52 Gb Free Space | 22,59% Space Free | Partition Type: NTFS
Drive F: | 91,78 Gb Total Space | 85,82 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 51,96 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 7,59 Gb Free Space | 0,81% Space Free | Partition Type: NTFS

Computer Name: P4 | User Name: Tomasz Mikołajczyk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-06-10 00:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomasz Mikołajczyk\Pulpit\OTL.exe
PRC - [2013-05-08 13:52:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-03-27 23:38:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013-03-27 23:38:12 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013-03-27 23:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008-06-09 14:49:06 | 000,023,040 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008-06-09 14:44:35 | 001,212,928 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008-05-06 16:05:50 | 000,221,300 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008-04-30 04:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-04-15 12:05:40 | 001,949,696 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio Personal Firewal 4.0.16\Personal Firewall 4\kpf4ss.exe
PRC - [2004-04-15 12:05:14 | 002,510,848 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio Personal Firewal 4.0.16\Personal Firewall 4\kpf4gui.exe
PRC - [2004-04-12 12:14:24 | 001,695,830 | ---- | M] (ABIT Computer Corporation) -- C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
PRC - [2004-04-08 13:19:32 | 000,229,376 | ---- | M] (AIBT Computer Corp.) -- C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-29 17:19:11 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-06-09 14:49:10 | 000,002,560 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2004-08-03 15:35:14 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (Adobe LM Service)
SRV - [2013-06-01 22:04:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-27 23:38:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-03-27 23:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype 4.0\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-01-23 16:12:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-01-23 16:12:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2008-12-23 22:55:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2008-04-30 04:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2004-04-15 12:05:40 | 001,949,696 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio Personal Firewal 4.0.16\Personal Firewall 4\kpf4ss.exe -- (KPF4)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (Cdr4vsd)
DRV - File not found [Kernel | Boot | Stopped] -- -- (AC2003)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\3c2364b.sys -- (3c2364b)
DRV - [2013-03-27 23:38:48 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013-03-27 23:38:48 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013-03-27 23:38:48 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013-01-29 17:20:15 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-06-09 16:34:26 | 001,220,632 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2008-06-09 16:34:17 | 001,177,624 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008-06-09 16:34:04 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008-06-09 16:34:02 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008-06-09 16:33:59 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008-06-09 16:33:57 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008-06-09 16:33:48 | 000,534,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2008-06-09 16:33:40 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008-06-09 16:33:36 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctexfifx.sys -- (CTEXFIFX.SYS)
DRV - [2008-06-09 16:33:36 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctexfifx.sys -- (CTEXFIFX)
DRV - [2008-06-09 16:33:31 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cthwiut.sys -- (CTHWIUT.SYS)
DRV - [2008-06-09 16:33:31 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cthwiut.sys -- (CTHWIUT)
DRV - [2008-06-09 16:33:29 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ct20xut.sys -- (CT20XUT.SYS)
DRV - [2008-06-09 16:33:29 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ct20xut.sys -- (CT20XUT)
DRV - [2007-06-28 11:40:04 | 000,025,728 | ---- | M] (LayerWalker Technology, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\miniEther.sys -- (miniEther)
DRV - [2007-06-28 11:39:16 | 000,314,368 | ---- | M] (LayerWalker Technology, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\miniSAN.sys -- (miniSAN)
DRV - [2006-01-13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2005-07-28 15:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SymEvent.sys -- (SymEvent)
DRV - [2004-10-21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004-10-21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l8042mou.sys -- (L8042mou)
DRV - [2004-10-21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004-10-21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKE)
DRV - [2004-08-03 15:36:50 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-04-28 12:10:22 | 000,616,124 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004-04-15 12:02:56 | 000,147,456 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-04-14 14:25:14 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004-04-14 14:22:46 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004-02-27 12:04:10 | 000,004,608 | ---- | M] (ABIT Computer Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ProcObsrv.sys -- (ProcObsrv)
DRV - [2004-02-26 18:52:22 | 000,010,752 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\uGuru.SYS -- (uGuru)
DRV - [2004-02-24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-08-13 09:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003-07-16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003-07-01 13:45:02 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2003-07-01 13:29:10 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2003-07-01 13:28:46 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003-07-01 13:25:56 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003-07-01 13:20:38 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2003-07-01 13:19:20 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (BtAudio)
DRV - [2003-07-01 13:18:58 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003-04-09 15:10:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002-09-17 13:55:06 | 000,003,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ABIT\ABIT uGuru\winflash.sys -- (Winflash)
DRV - [2002-04-11 20:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001-11-29 20:49:56 | 000,004,047 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ABIT\ABIT uGuru\memctl.sys -- (Memctl)
DRV - [2001-08-10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
DRV - [2001-06-21 23:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 23:39:02 | 000,020,032 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sntnlusb.sys -- (Sntnlusb)
DRV - [1999-05-19 11:09:08 | 000,003,608 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\port_nt.sys -- (port_nt)
DRV - [1998-09-23 14:57:14 | 000,024,448 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\SearchScopes,DefaultScope = {B8F72795-7A43-4F28-8255-327602FB936A}
IE - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\SearchScopes\{B8F72795-7A43-4F28-8255-327602FB936A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\NP4zEISB.dll (VideoDownloadConverter)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

[2010-05-19 12:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-19 12:19:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2009-02-17 16:18:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe Acrobat Reader 6.0.2 CE Pl\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office 2003 Professional\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Zaufane witryny)
O15 - HKU\S-1-5-21-1214440339-2000478354-1801674531-1003\..Trusted Domains: microsoft.com ([update] http in Zaufane witryny)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FD18EB6-BB9C-450A-A564-D0AC344731AD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 () - http://antwrp.gsfc.nasa.gov/apod/image/0509/ic1396b_wright_f50.jpg
O24 - Desktop Components:1 () - http://antwrp.gsfc.nasa.gov/apod/image/0509/ic1396b_wright_f13.jpg
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-11-26 12:51:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{39db01bc-7671-11e0-b41a-000272b0bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{39db01bc-7671-11e0-b41a-000272b0bee1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RIUOM.Exe
O33 - MountPoints2\{bc31878a-153e-11e1-b444-000272b0bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{bc31878a-153e-11e1-b444-000272b0bee1}\Shell\AutoRun\command - "" = I:\Dexxon_v2.34.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-06-10 00:07:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tomasz Mikołajczyk\Pulpit\OTL.exe
[2013-06-07 11:09:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tomasz Mikołajczyk\Recent
[2013-04-01 21:29:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dane aplikacji\rundll32.exe
[2012-11-08 22:51:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-06-10 00:12:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-06-10 00:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomasz Mikołajczyk\Pulpit\OTL.exe
[2013-06-09 23:53:45 | 000,527,714 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-06-09 23:53:45 | 000,466,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-06-09 23:53:45 | 000,102,432 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-06-09 23:53:45 | 000,081,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-06-09 23:49:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Go for FilesUpdate.job
[2013-06-09 23:49:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013-06-09 23:49:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-06-09 23:47:46 | 000,056,412 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013-06-09 23:47:46 | 000,056,412 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013-06-09 23:47:46 | 000,000,796 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013-06-09 23:45:19 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-06-09 17:36:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-06-04 23:33:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013-06-01 22:04:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-06-01 22:04:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-29 23:51:42 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-04-21 23:42:17 | 000,328,902 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\5276446.exe
[2013-04-21 23:42:03 | 000,328,902 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\7148260.exe
[2012-11-04 19:48:28 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\etstsjhshgfvuew
[2012-09-25 20:57:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-07 23:16:53 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\-2025827831
[2012-02-28 22:00:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010-10-03 17:36:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\2010-10-03_173425.jpg
[2010-05-28 20:39:07 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dane aplikacji\vqdlkr.dat
[2010-05-28 20:39:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\avdrn.dat
[2010-01-20 23:49:59 | 000,000,110 | -H-- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\xpy.ini
[2008-07-13 16:41:53 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\$_hpcst$.hpc
[2008-02-28 15:59:54 | 001,056,768 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\secsetup.sdb
[2006-02-10 08:12:14 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\addr_file.html
[2004-11-29 10:56:23 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Tomasz Mikołajczyk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2007-10-27 17:32:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 19:20:47 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 19:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-11 00:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\9D04A673E4421F7D00009D04097827CA
[2004-12-06 16:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2006-08-22 13:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BendPokeSkipNew(2)
[2010-07-11 11:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-07-11 17:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-03-08 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2012-08-29 14:50:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{3155EF3F-3778-4C4C-B0F3-3E48423B8965}
[2011-12-06 00:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2004-12-06 16:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\ACD Systems
[2005-03-22 02:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Adlume
[2010-02-13 20:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\BESTplayer
[2007-01-24 19:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Cartall
[2009-03-24 22:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Ebydry
[2010-07-01 00:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\FileZilla
[2008-01-08 15:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Gadu-Gadu
[2012-08-29 14:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Gadu-Gadu 10
[2012-12-11 14:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\GoforFiles
[2008-08-29 14:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\HateML
[2008-08-30 00:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\HEXelon
[2009-07-11 11:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\IObit
[2007-01-06 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Music Recognition
[2005-04-22 11:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Nikon
[2009-11-07 14:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Nowe Gadu-Gadu
[2010-07-11 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\OpenFM
[2007-01-06 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\PC Sync
[2010-05-20 23:22:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\SystemProc
[2013-04-21 23:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\winm
[2011-04-02 18:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomasz Mikołajczyk\Dane aplikacji\Xyuny

[color=#E56717]========== Purity Check ==========[/color]

< End of report >