OTL logfile created on: 2015-06-13 12:30:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\Programosy\2015 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,99% Memory free 4,22 Gb Paging File | 3,02 Gb Available in Paging File | 71,47% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 25,04 Gb Total Space | 5,75 Gb Free Space | 22,95% Space Free | Partition Type: NTFS Drive D: | 100,03 Gb Total Space | 18,41 Gb Free Space | 18,41% Space Free | Partition Type: NTFS Drive E: | 100,03 Gb Total Space | 7,40 Gb Free Space | 7,39% Space Free | Partition Type: NTFS Drive F: | 72,99 Gb Total Space | 8,62 Gb Free Space | 11,81% Space Free | Partition Type: NTFS Computer Name: PCRAD | User Name: Radzio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-06-13 10:23:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Programosy\2015\OTL_[www.programosy.pl].exe PRC - [2015-06-05 16:32:18 | 003,461,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe PRC - [2015-06-05 16:29:06 | 003,727,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgui.exe PRC - [2015-06-05 16:28:36 | 001,192,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgnsx.exe PRC - [2015-06-05 16:26:14 | 000,899,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2015\avgrsx.exe PRC - [2015-06-05 16:25:56 | 000,679,376 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgemcx.exe PRC - [2015-06-05 16:24:48 | 000,312,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe PRC - [2015-06-05 16:23:44 | 000,705,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgcsrvx.exe PRC - [2013-07-14 19:36:58 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Radzio\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012-02-27 14:46:10 | 003,387,904 | ---- | M] (SoftPerfect Research) -- F:\Program Files\NetWorx\networx.exe PRC - [2010-08-19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2008-08-05 06:58:00 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008-07-22 09:46:24 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008-04-15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008-04-15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008-01-21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-01-21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- F:\Program Files\RocketDock\RocketDock.exe PRC - [2005-01-31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-11-10 20:15:53 | 001,685,528 | ---- | M] () -- C:\Program Files\AVG Web TuneUp\TBAPI.dll MOD - [2011-09-17 12:18:22 | 000,480,256 | ---- | M] () -- F:\Program Files\NetWorx\sqlite.dll MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- F:\Program Files\RocketDock\RocketDock.exe MOD - [2007-09-02 14:57:36 | 000,069,632 | ---- | M] () -- F:\Program Files\RocketDock\RocketDock.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2015-06-10 12:49:14 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-06-05 16:32:18 | 003,461,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent) SRV - [2015-06-05 16:24:48 | 000,312,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd) SRV - [2015-05-20 15:39:32 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015-04-14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-08-28 21:34:54 | 003,948,024 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2008-07-22 09:46:24 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008-04-15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2005-01-31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Radzio\AppData\Local\Temp\pxldapow.sys -- (pxldapow) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2015-06-13 09:34:11 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2015-05-19 09:57:06 | 000,227,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2015-05-14 13:49:12 | 000,029,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2015-05-12 14:46:06 | 000,213,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2015-05-12 14:45:04 | 000,190,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2015-05-12 14:45:02 | 000,169,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2015-05-07 13:52:08 | 000,290,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2015-04-15 13:05:06 | 000,206,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2015-04-14 09:37:50 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2015-04-14 09:37:42 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2015-03-20 12:18:22 | 000,035,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2015-03-11 12:13:46 | 000,132,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2014-11-10 20:15:53 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2014-05-16 15:08:41 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013-11-20 10:56:52 | 000,054,648 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\networx.sys -- (networx) DRV - [2012-09-21 21:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2012-09-21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011-11-30 22:13:42 | 000,583,168 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6GX.sys -- (L6GX) DRV - [2011-08-10 12:56:46 | 000,067,968 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_cdc_acm.sys -- (zte_cdc_acm) DRV - [2011-08-10 12:56:46 | 000,009,984 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zte_cpo.sys -- (zte_cpo) DRV - [2010-04-09 16:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010-04-09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-03-25 11:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-03-20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2008-08-05 06:34:00 | 000,080,784 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-07-22 09:46:24 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008-06-05 04:11:06 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-04-21 05:14:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008-04-21 05:14:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008-01-25 06:05:41 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2006-12-22 20:05:34 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2006-11-28 22:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50) DRV - [2006-11-28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: F:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: F:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Radzio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Radzio\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Radzio\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.7.0\extensions\\Components: F:\Program Files\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.7.0\extensions\\Plugins: F:\Program Files\Mozilla Thunderbird\plugins [2015-05-20 15:39:08 | 000,000,000 | ---D | M] [2011-11-19 11:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radzio\AppData\Roaming\mozilla\Extensions [2011-06-04 23:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radzio\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013-07-21 23:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Radzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\ CHR - Extension: No name found = C:\Users\Radzio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_1\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DataCardMonitor] F:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NetWorx] F:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2731572921-2905035531-157825229-1000..\Run: [Facebook Update] C:\Users\Radzio\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2731572921-2905035531-157825229-1000..\Run: [HW_OPENEYE_OUC_] F:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKU\S-1-5-21-2731572921-2905035531-157825229-1000..\Run: [RocketDock] F:\Program Files\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2731572921-2905035531-157825229-1000\..Trusted Domains: line6.net ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F7FD0D6-5B20-4D76-8B26-61A8BADFE826}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54EF9B09-3609-4DFA-A782-F69399BDC7F4}: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6795D397-7A95-4C1B-8F66-D1C52CA6262D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99A87A02-B96A-4D9E-9469-10E33175BE03}: DhcpNameServer = 192.168.1.1 0.0.0.0 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Radzio\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Radzio\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{04d76b8e-3b09-11e4-b778-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{04d76b8e-3b09-11e4-b778-001e68fe1151}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{073f4d79-55a4-11de-a8ad-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{073f4d79-55a4-11de-a8ad-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe HowToUse\HowToUse.htm O33 - MountPoints2\{137d10dc-b30e-11e0-998d-001e68fe1151}\Shell - "" = Autorun O33 - MountPoints2\{137d10dc-b30e-11e0-998d-001e68fe1151}\Shell\AutoRun\command - "" = H:\Install_Nokia_Ovi_Suite.exe O33 - MountPoints2\{1b42ad81-3a04-11e1-8a22-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{1b42ad81-3a04-11e1-8a22-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{37f4238d-dcfa-11e3-8918-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{37f4238d-dcfa-11e3-8918-001e68fe1151}\Shell\AutoRun\command - "" = J:\_AUTORUN\AUTORUN.EXE O33 - MountPoints2\{5326a177-a75d-11e3-9cda-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{5326a177-a75d-11e3-9cda-001e68fe1151}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{5326a1b3-a75d-11e3-9cda-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{5326a1b3-a75d-11e3-9cda-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{585b702d-37ab-11e1-b423-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{585b702d-37ab-11e1-b423-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{585b7056-37ab-11e1-b423-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{585b7056-37ab-11e1-b423-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{6f486cbc-3a08-11e1-a05b-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{6f486cbc-3a08-11e1-a05b-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{6f486cd8-3a08-11e1-a05b-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{6f486cd8-3a08-11e1-a05b-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{b55f663e-a39a-11e4-8d78-001e68fe1151}\Shell\AutoRun\command - "" = H:\RunClubSanDisk.exe O33 - MountPoints2\{c400a2ee-aa1d-11e3-a732-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{c400a2ee-aa1d-11e3-a732-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{d6af50c2-39fd-11e1-8134-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{d6af50c2-39fd-11e1-8134-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ea5c41a8-a4e2-11e1-8d49-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{ea5c41a8-a4e2-11e1-8d49-001e68fe1151}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{f8795da5-a573-11e3-90f8-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{f8795da5-a573-11e3-90f8-001e68fe1151}\Shell\AutoRun\command - "" = H:\windows\Install\Install.exe O33 - MountPoints2\{fba5604d-3a05-11e1-b8c8-001e68fe1151}\Shell - "" = AutoRun O33 - MountPoints2\{fba5604d-3a05-11e1-b8c8-001e68fe1151}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (tpnative) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-06-11 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\Radzio\Desktop\Sąd [2015-06-11 20:21:20 | 000,000,000 | ---D | C] -- C:\Users\Radzio\Start Menu [2015-06-11 20:02:38 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-06-11 20:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2015-06-11 20:02:15 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2015-06-11 20:02:15 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2015-06-11 20:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2015-06-02 16:16:06 | 000,000,000 | ---D | C] -- C:\Users\Radzio\AppData\Local\Avg [2015-05-19 09:57:06 | 000,227,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys [2015-05-14 13:49:12 | 000,029,664 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-06-13 12:23:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-06-13 11:59:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731572921-2905035531-157825229-1000UA.job [2015-06-13 11:49:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-06-13 11:27:05 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015-06-13 11:27:05 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015-06-13 10:39:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2731572921-2905035531-157825229-1000UA.job [2015-06-13 10:23:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2015-06-13 10:22:57 | 000,058,880 | ---- | M] () -- C:\Users\Radzio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015-06-13 10:18:54 | 000,049,326 | ---- | M] () -- C:\ProgramData\nvModes.dat [2015-06-13 10:18:54 | 000,049,326 | ---- | M] () -- C:\ProgramData\nvModes.001 [2015-06-13 10:18:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-06-13 09:32:35 | 000,665,460 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2015-06-13 09:32:35 | 000,128,164 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2015-06-13 09:32:34 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015-06-13 09:32:34 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015-06-13 09:31:06 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-06-13 09:10:45 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-06-11 20:02:20 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015-06-11 14:59:01 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731572921-2905035531-157825229-1000Core.job [2015-06-10 19:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2731572921-2905035531-157825229-1000Core.job [2015-06-10 12:49:14 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2015-06-10 12:49:14 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2015-06-02 23:49:35 | 000,139,475 | ---- | M] () -- C:\Users\Radzio\Desktop\króliczek.jpg [2015-06-02 06:32:05 | 000,063,492 | ---- | M] () -- C:\Users\Radzio\Desktop\potwierdzenie przelewu.pdf [2015-06-02 06:25:09 | 000,064,924 | ---- | M] () -- C:\Users\Radzio\Desktop\Legitymacja wniosek.pdf [2015-05-30 23:29:30 | 000,069,276 | ---- | M] () -- C:\Users\Radzio\Desktop\b2508fbc1047ed5d663599c4549d242a.jpg [2015-05-24 07:50:01 | 003,552,271 | ---- | M] () -- C:\Users\Radzio\Desktop\Podstawy okulistyki - M. H. Niżankowska.pdf [2015-05-19 09:57:06 | 000,227,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys [2015-05-18 19:37:33 | 000,000,680 | ---- | M] () -- C:\Users\Radzio\AppData\Local\d3d9caps.dat [2015-05-14 13:49:12 | 000,029,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-06-11 20:02:20 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015-06-02 23:49:34 | 000,139,475 | ---- | C] () -- C:\Users\Radzio\Desktop\króliczek.jpg [2015-06-02 06:32:04 | 000,063,492 | ---- | C] () -- C:\Users\Radzio\Desktop\potwierdzenie przelewu.pdf [2015-06-02 06:25:08 | 000,064,924 | ---- | C] () -- C:\Users\Radzio\Desktop\Legitymacja wniosek.pdf [2015-05-30 23:29:29 | 000,069,276 | ---- | C] () -- C:\Users\Radzio\Desktop\b2508fbc1047ed5d663599c4549d242a.jpg [2015-05-24 07:49:49 | 003,552,271 | ---- | C] () -- C:\Users\Radzio\Desktop\Podstawy okulistyki - M. H. Niżankowska.pdf [2010-12-24 02:45:37 | 000,014,713 | ---- | C] () -- C:\Users\Radzio\123459.aup.bak [2010-12-24 02:45:37 | 000,012,820 | ---- | C] () -- C:\Users\Radzio\123459.aup [2010-02-21 19:11:06 | 000,030,920 | ---- | C] () -- C:\Users\Radzio\AppData\Roaming\UserTile.png [2009-06-10 12:15:21 | 000,058,880 | ---- | C] () -- C:\Users\Radzio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-10 12:07:23 | 000,049,326 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009-06-10 12:07:19 | 000,049,326 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009-06-10 11:57:54 | 000,000,680 | ---- | C] () -- C:\Users\Radzio\AppData\Local\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008-01-21 04:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2008-01-21 04:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-01-21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >