OTL logfile created on: 2012-05-02 18:28:17 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\z00269rd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,86 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 53,99% Memory free
3,71 Gb Paging File | 2,88 Gb Available in Paging File | 77,52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 316,52 Gb Free Space | 67,96% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 316,52 Gb Free Space | 67,96% Space Free | Partition Type: *NT5CSC
Drive U: | 465,76 Gb Total Space | 316,52 Gb Free Space | 67,96% Space Free | Partition Type: NTFS

Computer Name: WAW010158NB | User Name: z00269rd | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-02 17:28:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z00269rd\Desktop\OTL.exe
PRC - [2011-05-11 15:00:38 | 000,180,224 | ---- | M] (Siemens Sp. z o.o.) -- C:\Documents and Settings\z00269rd\Local Settings\Siemens_HS\hs_run.exe
PRC - [2011-03-11 00:32:22 | 000,632,176 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010-10-16 07:54:20 | 000,866,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010-10-15 03:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010-10-15 03:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010-09-27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010-07-23 16:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010-05-25 16:13:34 | 000,131,072 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
PRC - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () -- C:\Program Files\OneClickInternet\WTGService.exe
PRC - [2009-10-15 19:59:26 | 000,138,088 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2009-10-15 19:59:26 | 000,033,640 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
PRC - [2009-10-15 19:59:26 | 000,017,256 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
PRC - [2009-10-01 15:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
PRC - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
PRC - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-08-01 00:11:24 | 000,128,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2009-08-01 00:11:22 | 001,807,608 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009-07-21 01:00:00 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009-07-13 11:32:42 | 002,676,064 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009-07-07 11:44:22 | 000,341,320 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2009-07-06 15:38:24 | 000,349,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009-06-26 22:17:14 | 002,651,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2009-06-19 22:21:22 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009-06-16 21:19:32 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009-06-08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009-06-03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009-04-03 01:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008-12-11 15:19:32 | 000,024,653 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe
PRC - [2008-12-11 15:13:00 | 000,163,931 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
PRC - [2008-12-11 15:12:24 | 000,114,773 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2008-07-24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008-07-02 14:25:52 | 000,607,744 | ---- | M] (Siemens AG) -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-02-02 11:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) -- C:\WINNT\system32\DWRCS.EXE
PRC - [2006-11-06 18:44:02 | 000,071,680 | ---- | M] (DameWare Development) -- C:\WINNT\system32\DWRCST.EXE
PRC - [2006-04-20 15:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2006-03-26 23:44:08 | 000,221,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
PRC - [2006-03-26 23:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
PRC - [2005-09-12 14:18:39 | 000,077,824 | ---- | M] (Siemens Sp. z o.o.) -- C:\Program Files\Siemens\AdminSeal\AdminSeal_service.exe
PRC - [2003-11-14 16:58:30 | 000,253,952 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
PRC - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-02-01 09:12:10 | 003,391,488 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_be302b20\mscorlib.dll
MOD - [2012-02-01 09:12:03 | 000,835,584 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3be77cdb\system.drawing.dll
MOD - [2012-02-01 09:11:58 | 002,088,960 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4f907e23\system.xml.dll
MOD - [2012-02-01 09:11:55 | 003,035,136 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_90d6f329\system.windows.forms.dll
MOD - [2012-02-01 09:11:50 | 001,966,080 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fa669f0d\system.dll
MOD - [2012-02-01 09:11:43 | 001,232,896 | ---- | M] () -- c:\winnt\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012-02-01 09:11:41 | 002,064,384 | ---- | M] () -- c:\winnt\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011-03-13 15:03:36 | 000,051,716 | ---- | M] () -- C:\WINNT\system32\pdf995mon.dll
MOD - [2011-01-26 12:43:19 | 001,339,392 | ---- | M] () -- c:\winnt\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011-01-26 12:43:19 | 001,294,336 | ---- | M] () -- c:\winnt\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2011-01-26 12:43:19 | 000,372,736 | ---- | M] () -- c:\winnt\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2011-01-26 12:43:18 | 000,466,944 | ---- | M] () -- c:\winnt\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011-01-26 12:43:18 | 000,241,664 | ---- | M] () -- c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2011-01-26 12:43:18 | 000,066,560 | ---- | M] () -- c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll
MOD - [2010-09-27 12:03:08 | 000,201,512 | ---- | M] () -- C:\WINNT\system32\vpnapi.dll
MOD - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () -- C:\Program Files\OneClickInternet\WTGService.exe
MOD - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008-12-11 15:18:54 | 000,016,477 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgUicl.msg
MOD - [2008-12-11 15:13:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrvps.dll
MOD - [2008-12-11 15:12:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtlps.Dll
MOD - [2008-12-11 15:11:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll
MOD - [2008-12-11 15:11:20 | 000,016,482 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_INFO0409.dll
MOD - [2008-12-11 15:10:30 | 000,082,016 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_ERR0409.dll
MOD - [2008-12-11 15:10:30 | 000,053,344 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_MSG0409.dll
MOD - [2008-06-12 09:23:16 | 000,297,984 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\CatSystem2.dll
MOD - [2008-04-18 16:56:18 | 000,311,296 | ---- | M] () -- C:\WINNT\system32\siecaces.dll
MOD - [2008-03-20 11:17:48 | 000,106,496 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libiax2.dll
MOD - [2008-03-20 11:17:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libjb.dll
MOD - [2007-10-25 13:51:16 | 000,198,656 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libcurl.dll
MOD - [2007-04-16 14:01:06 | 000,184,320 | ---- | M] () -- C:\WINNT\system32\gmp4_2_1.dll
MOD - [2007-03-17 17:02:02 | 000,491,520 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\boost_regex-vc80-mt-1_34.dll
MOD - [2007-03-17 16:11:42 | 000,184,320 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\boost_serialization-vc80-mt-1_34.dll
MOD - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011-03-11 00:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010-10-15 03:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010-10-15 03:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010-09-27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-07-23 16:34:26 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () [Auto | Running] -- C:\Program Files\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2010-01-07 21:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009-10-01 15:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra) Qualcomm Gobi 2000 Download Service (Sierra)
SRV - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009-09-18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-08-01 00:11:22 | 001,807,608 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009-07-21 01:00:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009-06-19 22:21:22 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008-12-11 15:13:00 | 000,163,931 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv)
SRV - [2008-12-11 15:12:24 | 000,114,773 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl)
SRV - [2008-07-02 14:25:52 | 000,607,744 | ---- | M] (Siemens AG) [Auto | Running] -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe -- (CatSystemSvc)
SRV - [2007-02-02 11:11:30 | 000,208,384 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINNT\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2005-09-12 14:18:39 | 000,077,824 | ---- | M] (Siemens Sp. z o.o.) [Auto | Running] -- C:\Program Files\Siemens\AdminSeal\AdminSeal_service.exe -- (AdminSeal)
SRV - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe -- (CBBS)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-03-29 07:46:45 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011-07-12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2011-07-12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2011-07-12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010-11-09 05:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010-09-27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010-08-03 08:43:12 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010-07-23 16:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010-07-23 16:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010-07-23 16:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010-03-01 15:41:57 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2010-01-07 08:32:26 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009-11-27 16:16:48 | 000,215,040 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009-10-28 01:00:00 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-10-28 01:00:00 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-10-28 01:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-10-16 01:00:00 | 000,101,848 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2009-09-23 01:00:00 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2009-09-18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009-09-15 12:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009-08-01 01:10:26 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009-07-27 01:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009-07-27 01:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009-07-21 01:00:00 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009-06-23 17:21:20 | 000,069,352 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009-06-19 10:57:56 | 000,048,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009-06-19 10:57:42 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009-06-18 14:43:26 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009-06-17 12:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2009-06-11 15:05:00 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009-05-20 17:15:32 | 003,485,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009-05-20 11:23:36 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008-12-11 15:20:14 | 000,019,712 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\AES256.sys -- (AES-256)
DRV - [2008-12-11 15:20:08 | 000,063,488 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SGEFLT.sys -- (SgeFlt)
DRV - [2008-11-16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008-10-20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008-04-14 05:51:44 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\acpi.sys -- (ACPI)
DRV - [2007-12-14 01:00:00 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007-01-18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004-01-17 01:00:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001-08-01 22:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\fuj02b1.sys -- (FUJ02B1)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.siemens.pl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {34457E82-8AB6-4930-BBC5-172592CE241C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2012-05-02 11:00:10 | 000,013,614 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 165.226.210.247 qacrm.onedb.net # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.157 usdfswdsm1 usdfswdsm1.corp-am.corp.dom # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.158 usdfswdsm2 usdfswdsm2.corp-am.corp.dom # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.187 usdfswdsw1 usdfswdsw1.corp-am.corp.dom # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.188 usdfswdsw2 usdfswdsw2.corp-am.corp.dom # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.156 usdfswdsd1 usdfswdsd1.corp-am.corp.dom # Changed/controlled by mosaic
O1 - Hosts: 165.226.210.246 crm.onedb.net
O1 - Hosts: 165.226.210.167 usdfswpsm1 usdfswpsm1.corp-am.corp.dom # Changed/controlled by CRM-team
O1 - Hosts: 165.226.210.171 usdfswpsm2 usdfswpsm2.corp-am.corp.dom # Changed/controlled by CRM-team
O1 - Hosts: 165.226.210.189 usdfswpsw1 usdfswpsw1.corp-am.corp.dom # Changed/controlled by CRM-team
O1 - Hosts: 165.226.210.190 usdfswpsw2 usdfswpsw2.corp-am.corp.dom # Changed/controlled by CRM-team
O1 - Hosts: 165.226.210.166 usdfswpsd1 usdfswpsd1.corp-am.corp.dom # Changed/controlled by CRM-team
O1 - Hosts: 146.254.237.49 fthw9gia
O1 - Hosts: 146.254.237.50 fthw9gja
O1 - Hosts: 146.254.237.51 fthw9h0a
O1 - Hosts: 146.254.237.97 pkgn3p0d
O1 - Hosts: 146.254.237.5 by2z89
O1 - Hosts: 146.254.237.5 by2z89.diag.local
O1 - Hosts: 146.254.237.6 by3z23
O1 - Hosts: 146.254.237.6 by3z23.diag.local
O1 - Hosts: 146.254.237.8 byzp0v
O1 - Hosts: 146.254.237.8 byzp0v.diag.local
O1 - Hosts: 146.254.237.54 DS-DCN3P
O1 - Hosts: 140.231.111.201 au-diagmapps01.diag.local au-diagmapps01
O1 - Hosts: 139 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SGEBackup] C:\Program Files\Utimaco\SafeGuard Easy\CALLSGEBACKUP.VBS ()
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
O4 - HKLM..\Run: [snp2uvc] C:\WINNT\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG)
O4 - HKCU..\Run: [CatUserRun] C:\Program Files\CatPC\bin\exec32.exe ()
O4 - HKCU..\Run: [Siemens_HS] C:\Documents and Settings\z00269rd\Local Settings\Siemens_HS\hs.exe (Siemens Sp. z o.o.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Siebel TrickleSync.lnk = C:\SIEBEL77\WEB CLIENT\BIN\autosync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O9 - Extra Button: eBRITE Desktop - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\eBRITE Desktop\eBRITE Desktop File not found
O9 - Extra 'Tools' menuitem : &eBRITE Desktop - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\eBRITE Desktop\eBRITE Desktop File not found
O15 - HKLM\..Trusted Domains: microsoft.com ([]* in Zaufane witryny)
O15 - HKLM\..Trusted Domains: sap.com ([]* in Zaufane witryny)
O15 - HKLM\..Trusted Domains: sap-ag.de ([]* in Zaufane witryny)
O15 - HKLM\..Trusted Domains: siemens.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sitest.net ([]* in Local intranet)
O16 - DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} http://crm.onedb.net/eMedical_deu/18393/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {7066F4E2-EABF-4F73-90E6-F01D18000F56} http://cs.med.siemens.de/Product_Information/DX_Systems/CAI/Chemistry/Dimension_Vista/CB-DOC/swservice/plugins/Annotation.cab (Annotation Control)
O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://documentum-us.corp-am.corp.dom/dcm/wdk/native/WdkPluginCab.CAB (DmDragDrop Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pl001.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CBE5EB-2FAF-45C8-A8FF-C2BAAF9EB973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (CatUInit) - C:\WINNT\System32\CatUInit.exe (Siemens AG)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-01-26 11:59:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4897f6cf-c31e-11e0-81c5-d857b3aefad4}\Shell - "" = AutoRun
O33 - MountPoints2\{4897f6cf-c31e-11e0-81c5-d857b3aefad4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d03e015e-4d65-11e0-819d-58946b39a58c}\Shell - "" = AutoRun
O33 - MountPoints2\{d03e015e-4d65-11e0-819d-58946b39a58c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2012-05-02 17:28:54 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\z00269rd\Desktop\OTL.exe
[2012-05-02 16:51:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-17 14:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Desktop\ulotki
[2012-04-16 15:01:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\z00269rd\Desktop\CB-DOC
[2012-04-16 13:13:58 | 000,000,000 | ---D | C] -- C:\CB-DOC-DDL
[2012-04-16 13:10:43 | 000,000,000 | ---D | C] -- C:\Downloaded_CB-DOCs
[2012-03-29 07:46:45 | 000,050,704 | ---- | C] (CACE Technologies,
Inc.) -- C:\WINNT\System32\drivers\npf.sys [2012-03-29 07:46:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\wpcap.dll [2012-03-29 07:46:44 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll [2012-03-22 18:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2012-03-22 18:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Application Data\Canneverbe_Limited [2012-03-14 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Desktop\pen [2012-03-12 15:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\SapWorkDir [2012-03-08 00:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Desktop\KK [2012-02-24 22:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Desktop\Dimension ExL [2012-02-09 00:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\Identities [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2012-05-02 18:21:32 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\z00269rd\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk [2012-05-02 18:17:00 | 000,000,890 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job [2012-05-02 18:10:21 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2012-05-02 18:09:04 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\z00269rd\RECYCLER [2012-05-02 18:07:48 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\z00269rd\ntuser.ok [2012-05-02 18:07:32 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job [2012-05-02 18:03:59 | 000,000,509 | ---- | M] () -- C:\WINNT\SMSCFG.ini [2012-05-02 18:02:24 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2012-05-02 18:02:22 | 2000,072,704 | -HS- | M] () -- 
C:\hiberfil.sys [2012-05-02 17:28:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z00269rd\Desktop\OTL.exe [2012-05-02 17:12:48 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2012-05-02 17:12:09 | 000,228,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2012-05-02 11:00:15 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\z00269rd\Application Data\Microsoft\Internet Explorer\Quick Launch\eBRITE AutoSync.lnk [2012-05-02 10:23:14 | 000,016,823 | ---- | M] () -- C:\WINNT\cfgall.ini [2012-04-28 10:25:54 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\WAW010158NB z00269rd.lnk [2012-04-27 10:29:12 | 000,254,588 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\informator2012.pdf [2012-04-22 22:54:10 | 000,102,400 | ---- | M] () -- C:\WINNT\RegBootClean.exe [2012-04-20 14:55:01 | 000,730,534 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\14410U.pdf [2012-04-17 18:34:18 | 000,055,524 | RHS- | M] () -- C:\Documents and Settings\z00269rd\ntuser.pol [2012-04-17 17:26:53 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-17 17:18:31 | 000,001,417 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\Troubleshooting.lnk [2012-04-16 12:02:50 | 000,000,059 | ---- | M] () -- C:\WINNT\wpd99.drv [2012-04-13 22:24:58 | 000,001,809 | ---- | M] () -- C:\WINNT\imsins.BAK [2012-04-13 10:16:02 | 000,913,408 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\ADVIA1200_v3.2_10.04.2012_xlt [2012-03-31 21:22:16 | 000,518,570 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2012-03-31 21:22:16 | 000,093,376 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2012-03-29 07:46:45 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\drivers\npf.sys [2012-03-29 07:46:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) 
-- C:\WINNT\System32\wpcap.dll [2012-03-29 07:46:44 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll [2012-03-21 19:30:15 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\map_drive.zip [2012-03-12 11:16:54 | 000,899,056 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\TRF.pdf [2012-03-12 09:41:39 | 000,155,532 | ---- | M] () -- \\plwawz0102dat\z00269rd$\My Documents\PARA_ETOH_2_10379749A_1650_V3_EN.pdf [2012-03-12 09:36:47 | 000,158,022 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2012-03-01 12:21:38 | 000,908,499 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\Fast Facts.pdf [2012-02-15 09:17:12 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat [2012-02-09 11:14:44 | 000,002,110 | ---- | M] () -- \\plwawz0102dat\z00269rd$\My Documents\Default.rdp [2012-02-03 11:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\win32k.sys [2012-02-03 11:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\win32k.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-05-02 17:39:28 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\z00269rd\RECYCLER [2012-05-02 17:31:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\z00269rd\ntuser.ok [2012-04-28 10:25:54 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\WAW010158NB z00269rd.lnk [2012-04-27 10:29:12 | 000,254,588 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\informator2012.pdf [2012-04-20 14:55:01 | 000,730,534 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\14410U.pdf [2012-04-17 17:17:59 | 000,001,417 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\Troubleshooting.lnk [2012-04-11 16:39:19 | 000,913,408 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\ADVIA1200_v3.2_10.04.2012_xlt [2012-04-03 22:12:06 | 000,029,419 | ---- | C] () 
-- C:\Documents and Settings\z00269rd\Desktop\P5040062.JPG [2012-03-21 19:30:15 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\map_drive.zip [2012-03-13 13:09:57 | 000,102,400 | ---- | C] () -- C:\WINNT\RegBootClean.exe [2012-03-12 11:16:54 | 000,899,056 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\TRF.pdf [2012-03-01 16:01:58 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll [2012-03-01 16:01:58 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\dllcache\iacenc.dll [2012-03-01 12:21:38 | 000,908,499 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\Fast Facts.pdf [2012-01-17 12:31:28 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini [2012-01-14 19:35:17 | 000,000,068 | ---- | C] () -- C:\WINNT\Awpr.ini [2011-11-01 16:57:29 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini [2011-11-01 16:57:27 | 000,881,664 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll [2011-11-01 16:57:26 | 000,205,824 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll [2011-11-01 16:57:26 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll [2011-10-17 23:24:40 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\unrar.dll [2011-07-27 14:22:30 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll [2011-07-27 14:22:30 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll [2011-07-27 14:22:29 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll [2011-07-27 14:22:29 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll [2011-07-27 14:22:29 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll [2011-04-29 23:11:59 | 000,000,000 | ---- | C] () -- C:\WINNT\DevItem.INI [2011-04-25 15:28:39 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat [2011-04-24 21:21:46 | 000,153,418 | ---- | C] () -- C:\WINNT\hpoins14.dat [2011-04-24 21:21:46 | 000,002,000 | ---- | C] () -- C:\WINNT\hpomdl14.dat [2011-03-25 14:27:13 | 000,008,761 | ---- | C] () -- 
C:\WINNT\System32\DWRCS.INI [2011-03-20 20:55:53 | 000,000,000 | ---- | C] () -- C:\WINNT\winawsvr.INI [2011-03-20 12:37:18 | 000,000,000 | ---- | C] () -- C:\WINNT\AUTOSTRT.INI [2011-03-13 15:03:36 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll [2011-03-13 15:03:36 | 000,000,059 | ---- | C] () -- C:\WINNT\wpd99.drv [2011-03-13 13:36:12 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat [2011-03-09 19:27:52 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-08 15:34:58 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\fusioncache.dat [2011-01-30 12:34:47 | 000,002,291 | ---- | C] () -- C:\WINNT\saplogon.ini [2011-01-30 12:34:47 | 000,000,749 | ---- | C] () -- C:\WINNT\sapmsg.ini [2011-01-26 19:49:47 | 000,874,032 | ---- | C] () -- C:\WINNT\System32\igkrng575.bin [2011-01-26 19:49:44 | 000,127,896 | ---- | C] () -- C:\WINNT\System32\igcompkrng575.bin [2011-01-26 19:49:44 | 000,004,096 | ---- | C] ( ) -- C:\WINNT\System32\IGFXDEVLib.dll [2011-01-26 19:47:31 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat [2011-01-26 19:47:24 | 000,518,570 | ---- | C] () -- C:\WINNT\System32\perfh009.dat [2011-01-26 19:47:24 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat [2011-01-26 19:47:24 | 000,093,376 | ---- | C] () -- C:\WINNT\System32\perfc009.dat [2011-01-26 19:47:24 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat [2011-01-26 19:47:22 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat [2011-01-26 19:47:20 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin [2011-01-26 19:47:17 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat [2011-01-26 19:47:05 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat [2011-01-26 19:47:05 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin [2011-01-26 19:46:45 | 000,218,003 | ---- | C] () 
-- C:\WINNT\System32\dssec.dat [2011-01-26 19:46:33 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin [2011-01-26 15:58:39 | 000,016,823 | ---- | C] () -- C:\WINNT\cfgall.ini [2011-01-26 14:50:25 | 003,485,952 | ---- | C] () -- C:\WINNT\System32\drivers\snp2uvc.sys [2011-01-26 14:50:25 | 000,196,608 | ---- | C] ( ) -- C:\WINNT\System32\csnp2uvc.dll [2011-01-26 14:50:25 | 000,028,544 | ---- | C] () -- C:\WINNT\System32\drivers\sncduvc.sys [2011-01-26 14:50:25 | 000,015,497 | ---- | C] () -- C:\WINNT\snp2uvc.ini [2011-01-26 14:50:23 | 000,239,616 | ---- | C] ( ) -- C:\WINNT\System32\rsnp2uvc.dll [2011-01-26 14:47:56 | 000,000,151 | ---- | C] () -- C:\WINNT\System32\GfxUI.exe.config [2011-01-26 12:53:17 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI [2011-01-26 12:52:46 | 000,228,800 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT [2011-01-26 12:11:55 | 000,000,509 | ---- | C] () -- C:\WINNT\SMSCFG.ini [2011-01-26 12:07:04 | 000,221,184 | ---- | C] () -- C:\WINNT\System32\zLibDll.dll [2011-01-26 12:07:04 | 000,122,880 | ---- | C] () -- C:\WINNT\System32\zLibDllA.dll [2011-01-26 12:05:54 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI [2011-01-26 12:01:16 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat [2011-01-26 11:57:41 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat [2010-09-27 12:03:08 | 000,201,512 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll [2010-09-27 11:57:26 | 000,197,416 | ---- | C] () -- C:\WINNT\System32\CSGina.dll < End of report >