

PawelS28

Registered: 21 Aug 2012
OFFLINE Last active: 26 08 2012 23:49
-----

My posts

In topic: Logs - driver or Flash Player error

23 08 2012 - 20:55

Thanks for that

In topic: Logs - driver or Flash Player error

22 08 2012 - 21:49

Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "C:\Documents and Settings\All Users\Dane aplikacji\036E1BA62B17D979F207C2D481CB3EF3" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 22-08-2012 at 21:45:13
Running from "E:\"
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0126464 ____A (Microsoft Corporation) 6B4AFE7C676CFF3EFF2DC06A4EE945F7
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 18:50] - [2009-04-20 19:09] - 0045568 ____A (Microsoft Corporation) 4CE42967710BEB87AE805D9DA7A87499
C:\WINDOWS\system32\ipnathlp.dll
[2009-01-30 16:28] - [2009-01-30 16:28] - 0330752 ____A (Microsoft Corporation) 415E4EBF192A9D68C28DE0541BE48307
C:\WINDOWS\system32\netman.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0198144 ____A (Microsoft Corporation) 4FE97D0B1B182DF2A9BDD4C02155EF5E
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-05-30 19:13] - [2008-04-14 18:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
C:\WINDOWS\system32\srsvc.dll
[2012-05-30 19:14] - [2008-04-14 18:50] - 0171520 ____A (Microsoft Corporation) 316D0E66074AE4CDE641C50D3A1C5148
C:\WINDOWS\system32\Drivers\sr.sys
[2012-05-30 19:14] - [2008-04-14 18:04] - 0073472 ____A (Microsoft Corporation) EB032822BE406EF220D546DDFFCF0002
C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 18:51] - [2008-04-14 18:51] - 0080896 ____A (Microsoft Corporation) B6669F49D42E09BC0F9889FAA0F3336D
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-05-30 19:13] - [2008-04-14 18:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
C:\WINDOWS\system32\wuauserv.dll
[2012-05-30 19:15] - [2008-04-14 18:51] - 0006656 ____A (Microsoft Corporation) 04550D5EB7EE82C115DB547C01DF09FD
C:\WINDOWS\system32\qmgr.dll
[2012-05-30 19:15] - [2008-04-14 18:50] - 0409088 ____A (Microsoft Corporation) 78200FAA6FD9C69394134C238C87FB7F
C:\WINDOWS\system32\es.dll
[2009-01-30 16:27] - [2009-01-30 16:27] - 0253952 ____A (Microsoft Corporation) 5BB3E442E43C7BB0F38203F23C920D3C
C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0062464 ____A (Microsoft Corporation) 6B105FE95F2E9F0B6346044BA59D41C9
C:\WINDOWS\system32\svchost.exe
[2008-04-14 18:51] - [2008-04-14 18:51] - 0014336 ____A (Microsoft Corporation) 8607D35D92528E2DF386F19A960D23CE
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 18:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) A37311D9D628C1042A2836731787F0F3
C:\WINDOWS\system32\services.exe
[2008-04-14 18:51] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02A467E27AF55F7064C5B251E587315F

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****

OTL
OTL logfile created on: 2012-08-22 21:45:53 - Run 4
OTL by OldTimer - Version 3.2.58.1	 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 82,02% Memory free
5,34 Gb Paging File | 4,90 Gb Available in Paging File | 91,74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 7,90 Gb Free Space | 32,35% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 96,41 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 135,60 Gb Free Space | 92,57% Space Free | Partition Type: NTFS
Drive F: | 148,37 Gb Total Space | 90,14 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive H: | 6,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PAWE-39F3FEC025 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-22 17:00:46 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-08-21 12:23:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012-07-18 21:36:35 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2008-04-14 18:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- E:\Nero 7\InCD\InCDsrv.exe
PRC - [2006-10-13 17:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006-01-30 18:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-08-22 14:39:00 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012-07-18 21:36:35 | 002,003,424 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-05-15 12:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2012-05-15 12:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012-05-14 11:25:36 | 000,083,968 | ---- | M] () -- E:\Program Files\Free Download Manager\fdmumsp.dll
MOD - [2012-05-14 11:24:12 | 000,173,056 | ---- | M] () -- E:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-08-22 17:00:46 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-07-18 21:36:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-19 16:26:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- E:\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007-04-13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-05-31 00:19:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-05-30 20:18:33 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2012-05-30 20:18:32 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2012-05-30 20:18:32 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009-05-08 08:52:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-04-13 20:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2008-02-14 11:42:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-05-15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007-04-16 14:16:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006-10-13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {17C45DEA-D545-4231-967D-29852435A7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{17C45DEA-D545-4231-967D-29852435A7BB}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "GadgetBox"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..browser.search.order.1: "GadgetBox"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/?affid=gb2"
FF - prefs.js..keyword.URL: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "82.17.181.100"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "82.17.181.100"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "82.17.181.100"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "82.17.181.100"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012-07-18 21:36:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012-06-07 15:50:50 | 000,000,000 | ---D | M]

[2012-05-30 22:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2012-08-22 14:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions
[2012-08-19 14:03:00 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions\plugin@videofiledownload.com
[2012-08-20 17:02:51 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\GadgetBox.xml
[2012-08-10 21:48:17 | 000,003,998 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\sweetim.xml
[2012-08-13 13:11:28 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- E:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION

O1 HOSTS File: ([2001-10-26 13:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (wxDfast Class) - {A5A7F150-0D6F-F74C-7336-C649409F28E5} - C:\Documents and Settings\All Users\Dane aplikacji\wxDfast\bhoclass.dll File not found
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pobierz plik wideo w FDM - E:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w FDM - E:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w FDM - E:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone pliki w FDM - E:\Program Files\Free Download Manager\dlselected.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345638704468 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9907540-FD68-4CF4-84D2-B4CEDBC2889A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-30 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-05-06 17:23:13 | 000,000,070 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2012-05-06 17:23:13 | 000,582,014 | R--- | M] (EA Sports												   )
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-22 21:43:19 | 000,000,000 | ---D | C] -- C:\Avenger
[2012-08-22 17:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-08-22 17:00:58 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-08-22 17:00:58 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-08-22 17:00:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-08-22 17:00:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-08-22 17:00:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-08-22 17:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-08-22 14:39:00 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-22 14:39:00 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-22 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
[2012-08-22 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-08-22 14:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012-08-22 09:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\RK_Quarantine
[2012-08-21 12:00:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012-08-21 11:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-08-21 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-08-20 23:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Everest Poker
[2012-08-20 23:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2012-08-20 17:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-08-20 17:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GBox
[2012-08-20 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer
[2012-08-19 14:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\MyTorrents
[2012-08-19 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\OpenApp
[2012-08-19 14:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl
[2012-08-15 00:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\FIFA 12
[2012-08-15 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA Sports
[2012-08-14 12:02:01 | 000,000,000 | ---D | C] -- C:\Downloads
[2012-08-13 13:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager
[2012-08-13 13:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Free Download Manager
[2012-08-11 15:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012-08-11 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-08-10 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012-08-01 11:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Comodo
[2012-08-01 10:54:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-07-30 13:10:02 | 000,000,000 | ---D | C] -- C:\Casino
[2012-07-25 09:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2012-07-25 08:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2012-07-25 01:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2012-07-25 01:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-07-24 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2012-07-24 09:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\muza do auta

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-22 21:47:49 | 000,555,448 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-08-22 21:47:48 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-22 21:47:48 | 000,104,478 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-08-22 21:47:48 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-22 21:43:35 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-22 21:43:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-22 19:25:42 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-22 17:00:47 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-08-22 17:00:46 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-08-22 17:00:46 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-08-22 17:00:46 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-08-22 17:00:46 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-08-22 17:00:46 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-08-22 17:00:46 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-08-22 14:39:00 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-22 14:39:00 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-20 23:29:09 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-18 10:01:05 | 000,087,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-17 23:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-08-16 15:29:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-16 10:13:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-15 00:04:34 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini
[2012-07-30 15:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-27 20:36:53 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-25 01:00:08 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-20 23:29:09 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-20 20:10:13 | 004,364,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1960408961-1645522239-682003330-500-0.dat
[2012-08-20 20:10:13 | 000,279,006 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012-08-18 10:01:04 | 000,087,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-15 00:04:34 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini
[2012-07-24 18:48:14 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-18 23:23:07 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012-07-05 13:34:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-06-04 18:25:21 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-01 17:15:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-05-31 00:03:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-05-30 23:36:37 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2012-05-30 23:36:36 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2012-05-30 23:16:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2012-05-30 21:07:58 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-05-30 21:06:46 | 001,502,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-05-30 20:23:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-05-30 20:23:29 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-05-30 20:19:10 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-05-30 19:19:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-05-30 19:14:16 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >

In topic: Logs - driver or Flash Player error

22 08 2012 - 14:55

After running the script:
All processes killed
========== OTL ==========
Service zpcrzw stopped successfully!
Service zpcrzw deleted successfully!
E:\CCE\ccekrnl.dat moved successfully.
Service zirlwy stopped successfully!
Service zirlwy deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service wfimgv stopped successfully!
Service wfimgv deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service trvulq stopped successfully!
Service trvulq deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service tcgzov stopped successfully!
Service tcgzov deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service snvstx stopped successfully!
Service snvstx deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service psmtdu stopped successfully!
Service psmtdu deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service poagaq stopped successfully!
Service poagaq deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service mhkokt stopped successfully!
Service mhkokt deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service meybip stopped successfully!
Service meybip deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service jtewpo stopped successfully!
Service jtewpo deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service jfpjss stopped successfully!
Service jfpjss deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service grkjfn stopped successfully!
Service grkjfn deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service fvnwhs stopped successfully!
Service fvnwhs deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service czwxrx stopped successfully!
Service czwxrx deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service cktqpz stopped successfully!
Service cktqpz deleted successfully!
File E:\CCE\ccekrnl.dat not found.
Service chidmv stopped successfully!
Service chidmv deleted successfully!
File E:\CCE\ccekrnl.dat not found.
File - BHO: (wxDfast Class) - {A5A7F150-0D6F-F74C-7336-C649409F28E5} - C:\Documents and Settings\All Users\Dane aplikacji\wxDfast\bhoclass.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sprote~1\sprote~1.dll deleted successfully.
c:\Program Files\SProtector\sprotector.dll moved successfully.
Folder C:\Documents and Settings\All Users\Dane aplikacji\036E1BA62B17D979F207C2D481CB3EF3\ not found.
C:\Program Files\SProtector folder moved successfully.
========== FILES ==========
< netsh winsock reset /C >
Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 13916041 bytes
->Temporary Internet Files folder emptied: 8670602 bytes
->FireFox cache emptied: 525044605 bytes
->Flash cache emptied: 7975 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4022340 bytes
->Flash cache emptied: 697 bytes

User: Paweł
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 529,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08222012_144538
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1eb4.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

OTL.txt
OTL logfile created on: 2012-08-22 14:51:17 - Run 3
OTL by OldTimer - Version 3.2.58.1	 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 3,10 Gb Available Physical Memory | 88,53% Memory free
5,34 Gb Paging File | 5,12 Gb Available in Paging File | 95,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,68 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 96,41 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 135,60 Gb Free Space | 92,57% Space Free | Partition Type: NTFS
Drive F: | 148,37 Gb Total Space | 92,88 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive H: | 6,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PAWE-39F3FEC025 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-21 12:23:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008-04-14 18:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- E:\Nero 7\InCD\InCDsrv.exe
PRC - [2006-10-13 17:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006-01-30 18:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-15 12:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2012-05-15 12:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-18 21:36:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-19 16:26:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- E:\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007-04-13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-05-31 00:19:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-05-30 20:18:33 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2012-05-30 20:18:32 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2012-05-30 20:18:32 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009-05-08 08:52:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-04-13 20:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2008-02-14 11:42:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-05-15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007-04-16 14:16:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006-10-13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {17C45DEA-D545-4231-967D-29852435A7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{17C45DEA-D545-4231-967D-29852435A7BB}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GadgetBox"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..browser.search.order.1: "GadgetBox"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/?affid=gb2"
FF - prefs.js..keyword.URL: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "82.17.181.100"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "82.17.181.100"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "82.17.181.100"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "82.17.181.100"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012-07-18 21:36:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012-06-07 15:50:50 | 000,000,000 | ---D | M]

[2012-05-30 22:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2012-08-22 14:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions
[2012-08-19 14:03:00 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions\plugin@videofiledownload.com
[2012-08-20 17:02:51 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\GadgetBox.xml
[2012-08-10 21:48:17 | 000,003,998 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\sweetim.xml
[2012-08-13 13:11:28 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- E:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION

O1 HOSTS File: ([2001-10-26 13:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (wxDfast Class) - {A5A7F150-0D6F-F74C-7336-C649409F28E5} - C:\Documents and Settings\All Users\Dane aplikacji\wxDfast\bhoclass.dll File not found
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pobierz plik wideo w FDM - E:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w FDM - E:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w FDM - E:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone pliki w FDM - E:\Program Files\Free Download Manager\dlselected.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345638704468 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9907540-FD68-4CF4-84D2-B4CEDBC2889A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-30 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-05-06 17:23:13 | 000,000,070 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2012-05-06 17:23:13 | 000,582,014 | R--- | M] (EA Sports												   )
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 14:39:00 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-22 14:39:00 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-22 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
[2012-08-22 14:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-08-22 14:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012-08-22 09:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\RK_Quarantine
[2012-08-21 12:00:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012-08-21 11:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-08-21 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-08-20 23:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Everest Poker
[2012-08-20 23:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2012-08-20 17:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-08-20 17:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GBox
[2012-08-20 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer
[2012-08-19 14:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\MyTorrents
[2012-08-19 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\OpenApp
[2012-08-19 14:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl
[2012-08-15 00:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\FIFA 12
[2012-08-15 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA Sports
[2012-08-14 12:02:01 | 000,000,000 | ---D | C] -- C:\Downloads
[2012-08-13 13:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager
[2012-08-13 13:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Free Download Manager
[2012-08-11 15:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012-08-11 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-08-10 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012-08-01 11:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Comodo
[2012-08-01 10:54:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-08-01 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\036E1BA62B17D979F207C2D481CB3EF3
[2012-07-30 13:10:02 | 000,000,000 | ---D | C] -- C:\Casino
[2012-07-25 09:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2012-07-25 08:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2012-07-25 01:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2012-07-25 01:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-07-24 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2012-07-24 09:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\muza do auta

========== Files - Modified Within 30 Days ==========

[2012-08-22 14:50:39 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-22 14:50:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-22 14:45:40 | 000,555,448 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-08-22 14:45:40 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-22 14:45:40 | 000,104,478 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-08-22 14:45:40 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-22 14:39:00 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-22 14:39:00 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-20 23:29:09 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-19 20:18:44 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-18 10:01:05 | 000,087,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-17 23:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-08-16 15:29:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-16 10:13:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-15 00:04:34 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini
[2012-07-30 15:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-27 20:36:53 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-25 01:00:08 | 000,000,223 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012-08-20 23:29:09 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-20 20:10:13 | 004,364,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1960408961-1645522239-682003330-500-0.dat
[2012-08-20 20:10:13 | 000,279,006 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012-08-18 10:01:04 | 000,087,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-15 00:04:34 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini
[2012-07-24 18:48:14 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-18 23:23:07 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012-07-05 13:34:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-06-04 18:25:21 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-01 17:15:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-05-31 00:03:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-05-30 23:36:37 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2012-05-30 23:36:36 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2012-05-30 23:16:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2012-05-30 21:07:58 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-05-30 21:06:46 | 001,502,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-05-30 20:23:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-05-30 20:23:29 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-05-30 20:19:10 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-05-30 19:19:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-05-30 19:14:16 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >

In topic: Logs - drivers or Flash Player error

22 08 2012 - 09:49

2) SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 09:37 on 22/08/2012 by Administrator
Administrator - Elevation successful

========== reg ==========
[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
"ThreadingModel"="Both"
@="c:\windows\system32\shell32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="wbemess.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shdocvw.dll"
"ThreadingModel"="Apartment"

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 111104 bytes [22:12 30/05/2012] [11:19 09/02/2009] 8816E60BF654353E8E0D35ED98875445
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 109056 bytes [22:23 30/05/2012] [16:51 14/04/2008] 3E3AE424E27C4CEFE4CAB368C7B570EA
C:\WINDOWS\system32\services.exe --a---- 111104 bytes [16:51 14/04/2008] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
C:\WINDOWS\system32\dllcache\services.exe -----c- 111104 bytes [16:51 14/04/2008] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
========== folderfind ==========

Searching for "{17b8d128-a618-54e2-20f5-3a7affd0a20a}"
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{17b8d128-a618-54e2-20f5-3a7affd0a20a} d--hs-- [16:49 14/04/2008]
C:\WINDOWS\Installer\{17b8d128-a618-54e2-20f5-3a7affd0a20a} d--hs-- [16:49 14/04/2008]
========== regfind ==========

Searching for "{17b8d128-a618-54e2-20f5-3a7affd0a20a}"
No data found.

-= EOF =-

3) AdwCleaner
# AdwCleaner v1.801 - Logfile created 08/22/2012 at 09:39:51
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# User : Administrator - PAWE-39F3FEC025
# Boot Mode : Normal
# Running from : E:\adwcleaner14.08.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\GboxUpdater
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\wxDfast
Folder Deleted : C:\Documents and Settings\All Users\Menu Start\Programy\wxDfast
Folder Deleted : C:\Program Files\StartSearch plugin
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\WINDOWS\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\Premium
***** [Registry] *****
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/?affid=gb2 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/?affid=gb2 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [296 octets] - [22/08/2012 09:39:14]
AdwCleaner[S2].txt - [8079 octets] - [22/08/2012 09:39:51]
########## EOF - C:\AdwCleaner[S2].txt - [8207 octets] ##########

4) FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 22-08-2012 at 09:44:32
Running from "E:\"
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0126464 ____A (Microsoft Corporation) 6B4AFE7C676CFF3EFF2DC06A4EE945F7
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 18:50] - [2009-04-20 19:09] - 0045568 ____A (Microsoft Corporation) 4CE42967710BEB87AE805D9DA7A87499
C:\WINDOWS\system32\ipnathlp.dll
[2009-01-30 16:28] - [2009-01-30 16:28] - 0330752 ____A (Microsoft Corporation) 415E4EBF192A9D68C28DE0541BE48307
C:\WINDOWS\system32\netman.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0198144 ____A (Microsoft Corporation) 4FE97D0B1B182DF2A9BDD4C02155EF5E
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-05-30 19:13] - [2008-04-14 18:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
C:\WINDOWS\system32\srsvc.dll
[2012-05-30 19:14] - [2008-04-14 18:50] - 0171520 ____A (Microsoft Corporation) 316D0E66074AE4CDE641C50D3A1C5148
C:\WINDOWS\system32\Drivers\sr.sys
[2012-05-30 19:14] - [2008-04-14 18:04] - 0073472 ____A (Microsoft Corporation) EB032822BE406EF220D546DDFFCF0002
C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 18:51] - [2008-04-14 18:51] - 0080896 ____A (Microsoft Corporation) B6669F49D42E09BC0F9889FAA0F3336D
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-05-30 19:13] - [2008-04-14 18:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
C:\WINDOWS\system32\wuauserv.dll
[2012-05-30 19:15] - [2008-04-14 18:51] - 0006656 ____A (Microsoft Corporation) 04550D5EB7EE82C115DB547C01DF09FD
C:\WINDOWS\system32\qmgr.dll
[2012-05-30 19:15] - [2008-04-14 18:50] - 0409088 ____A (Microsoft Corporation) 78200FAA6FD9C69394134C238C87FB7F
C:\WINDOWS\system32\es.dll
[2009-01-30 16:27] - [2009-01-30 16:27] - 0253952 ____A (Microsoft Corporation) 5BB3E442E43C7BB0F38203F23C920D3C
C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 18:50] - [2008-04-14 18:50] - 0062464 ____A (Microsoft Corporation) 6B105FE95F2E9F0B6346044BA59D41C9
C:\WINDOWS\system32\svchost.exe
[2008-04-14 18:51] - [2008-04-14 18:51] - 0014336 ____A (Microsoft Corporation) 8607D35D92528E2DF386F19A960D23CE
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 18:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) A37311D9D628C1042A2836731787F0F3
C:\WINDOWS\system32\services.exe
[2008-04-14 18:51] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02A467E27AF55F7064C5B251E587315F

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****

5) OTL
OTL logfile created on: 2012-08-22 09:47:04 - Run 2
OTL by OldTimer - Version 3.2.58.1	 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 81,24% Memory free
5,34 Gb Paging File | 4,88 Gb Available in Paging File | 91,41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,63 Gb Free Space | 35,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 96,40 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 135,61 Gb Free Space | 92,58% Space Free | Partition Type: NTFS
Drive F: | 148,37 Gb Total Space | 92,88 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive H: | 6,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PAWE-39F3FEC025 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-21 12:23:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012-07-18 21:36:35 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008-04-14 18:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- E:\Nero 7\InCD\InCDsrv.exe
PRC - [2006-10-13 17:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006-01-30 18:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-24 10:46:10 | 000,321,536 | ---- | M] () -- c:\Program Files\SProtector\sprotector.dll
MOD - [2012-07-18 21:36:35 | 002,003,424 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-07-12 20:21:38 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012-05-15 12:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2012-05-15 12:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012-05-14 11:25:36 | 000,083,968 | ---- | M] () -- E:\Program Files\Free Download Manager\fdmumsp.dll
MOD - [2012-05-14 11:24:12 | 000,173,056 | ---- | M] () -- E:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-07-18 21:36:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-19 16:26:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-05-15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-04-04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- E:\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007-04-13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006-10-13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (zpcrzw)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (zirlwy)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (wfimgv)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (trvulq)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (tcgzov)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (snvstx)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (psmtdu)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (poagaq)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (mhkokt)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (meybip)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (jtewpo)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (jfpjss)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (grkjfn)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (fvnwhs)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (czwxrx)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (cktqpz)
DRV - [2012-07-09 02:46:48 | 000,374,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\CCE\ccekrnl.dat -- (chidmv)
DRV - [2012-05-31 00:19:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-05-30 20:18:33 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2012-05-30 20:18:32 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2012-05-30 20:18:32 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009-05-08 08:52:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-04-13 20:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2008-02-14 11:42:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-05-15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007-04-16 14:16:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006-10-13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {17C45DEA-D545-4231-967D-29852435A7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{17C45DEA-D545-4231-967D-29852435A7BB}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GadgetBox"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..browser.search.order.1: "GadgetBox"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/?affid=gb2"
FF - prefs.js..keyword.URL: "http://search.gboxapp.com/?affid=gb2&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "82.17.181.100"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "82.17.181.100"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "82.17.181.100"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "82.17.181.100"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012-07-18 21:36:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012-06-07 15:50:50 | 000,000,000 | ---D | M]

[2012-05-30 22:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2012-08-20 17:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions
[2012-08-20 17:03:21 | 000,000,000 | ---D | M] (wxDfast) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions\5032515f00067@5032515f000a0.info
[2012-08-19 14:03:00 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\extensions\plugin@videofiledownload.com
[2012-08-20 17:02:51 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\GadgetBox.xml
[2012-08-10 21:48:17 | 000,003,998 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\d3h39800.default\searchplugins\sweetim.xml
[2012-08-11 15:15:56 | 000,340,132 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\D3H39800.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012-06-01 21:11:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-08-13 13:11:28 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- E:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION

O1 HOSTS File: ([2001-10-26 13:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (wxDfast Class) - {A5A7F150-0D6F-F74C-7336-C649409F28E5} - C:\Documents and Settings\All Users\Dane aplikacji\wxDfast\bhoclass.dll File not found
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pobierz plik wideo w FDM - E:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w FDM - E:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w FDM - E:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone pliki w FDM - E:\Program Files\Free Download Manager\dlselected.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9907540-FD68-4CF4-84D2-B4CEDBC2889A}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - c:\Program Files\SProtector\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-30 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-05-06 17:23:13 | 000,000,070 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{693c38c2-aa9c-11e1-9562-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{a5271361-aaf0-11e1-9565-0026ed9c602a}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2012-05-06 17:23:13 | 000,582,014 | R--- | M] (EA Sports)
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell - "" = AutoRun
O33 - MountPoints2\{b653bc49-aaa4-11e1-9564-0026ed9c602a}\Shell\AutoRun\command - "" = H:\LANLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 09:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\RK_Quarantine
[2012-08-21 12:00:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012-08-21 11:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-08-21 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-08-20 23:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Everest Poker
[2012-08-20 23:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2012-08-20 17:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-08-20 17:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GBox
[2012-08-20 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer
[2012-08-19 14:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\MyTorrents
[2012-08-19 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\OpenApp
[2012-08-19 14:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl
[2012-08-15 00:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\FIFA 12
[2012-08-15 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA Sports
[2012-08-14 12:02:01 | 000,000,000 | ---D | C] -- C:\Downloads
[2012-08-13 13:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager
[2012-08-13 13:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Free Download Manager
[2012-08-11 15:31:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-08-11 15:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012-08-11 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-08-10 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012-08-01 11:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Comodo
[2012-08-01 10:54:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-08-01 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\036E1BA62B17D979F207C2D481CB3EF3
[2012-07-31 22:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Deluxe Ski Jump 4
[2012-07-30 15:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector
[2012-07-30 13:10:02 | 000,000,000 | ---D | C] -- C:\Casino
[2012-07-25 09:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2012-07-25 08:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2012-07-25 01:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2012-07-25 01:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-07-24 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\uTorrent
[2012-07-24 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2012-07-24 09:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\muza do auta
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-22 09:40:56 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-22 09:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-20 23:29:09 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-19 20:18:44 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-18 10:01:05 | 000,087,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-17 23:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-08-16 15:29:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1645522239-682003330-500.job
[2012-08-16 10:13:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-15 00:04:34 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini
[2012-08-01 12:51:37 | 000,555,448 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-08-01 12:51:37 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-01 12:51:37 | 000,104,478 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-08-01 12:51:37 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-07-30 15:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-27 20:36:53 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-25 01:00:08 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-20 23:29:09 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Everest Poker.lnk
[2012-08-20 20:10:13 | 004,364,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1960408961-1645522239-682003330-500-0.dat
[2012-08-20 20:10:13 | 000,279,006 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012-08-18 10:01:04 | 000,087,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\49030910.pdf
[2012-08-15 00:04:34 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UEFA EURO 2012.lnk
[2012-08-13 13:11:29 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Free Download Manager.lnk
[2012-08-05 18:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini
[2012-07-24 18:48:14 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-07-18 23:23:07 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012-07-05 13:34:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-06-04 18:25:21 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-01 17:15:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-05-31 00:03:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-05-30 23:36:37 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2012-05-30 23:36:36 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2012-05-30 23:16:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2012-05-30 21:07:58 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-05-30 21:06:46 | 001,502,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-05-30 20:23:35 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-05-30 20:23:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-05-30 20:23:29 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-05-30 20:19:10 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-05-30 19:19:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-05-30 19:14:16 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
< End of report >