OTL logfile created on: 2012-12-07 15:12:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows Server 2003 Standard Edition Dodatek Service Pack 1 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
511,36 Mb Total Physical Memory | 300,57 Mb Available Physical Memory | 58,78% Memory free
1,22 Gb Paging File | 1,07 Gb Available in Paging File | 87,63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,07 Gb Total Space | 127,41 Gb Free Space | 86,05% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,74 Gb Total Space | 2,54 Gb Free Space | 67,95% Space Free | Partition Type: FAT32
 
Computer Name: SERWER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012-12-07 15:13:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008-05-04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\U3\4317120A47D11845\LaunchPad.exe
PRC - [2006-06-06 02:35:18 | 001,052,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-06-06 02:35:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2008-05-04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\U3\4317120A47D11845\LaunchPad.exe
MOD - [2007-10-23 09:23:12 | 002,600,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\U3\4317120A47D11845\u3dapi10.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2009-02-17 09:28:25 | 000,457,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2009-01-15 10:37:46 | 000,154,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2008-08-20 19:12:22 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2006-06-06 02:35:18 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2006-06-06 02:35:18 | 000,216,064 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2006-06-06 02:35:18 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2006-06-06 02:35:18 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2006-06-06 02:35:18 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2006-06-06 02:35:18 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2006-06-06 02:35:18 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2006-06-06 02:35:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2006-06-06 02:35:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2006-06-06 02:35:18 | 000,036,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2006-06-06 02:35:18 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006-06-06 02:35:18 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2006-05-17 14:38:48 | 000,077,824 | ---- | M] (SEIKO EPSON Corp.) [Auto | Stopped] -- C:\WINDOWS\System32\EpStsSrv.exe -- (EPSON ESCPOS Status Service)
SRV - [2004-04-14 23:13:16 | 005,128,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2004-04-02 09:25:59 | 008,902,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2004-04-02 09:25:54 | 003,195,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2006-06-06 02:35:18 | 000,179,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2006-06-06 02:35:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2006-06-06 02:35:18 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2006-06-06 02:35:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2006-05-11 10:51:32 | 000,095,485 | ---- | M] (MK Systems CO., LTD.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ESDPDX01.SYS -- (Esdpdx01)
DRV - [2006-03-22 04:59:26 | 000,077,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xtouch.sys -- (xTouch)
DRV - [2006-02-16 08:20:58 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EGXFilter.sys -- (EGXFilter)
DRV - [2005-03-14 06:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2004-04-02 08:08:21 | 000,195,968 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-12-17 15:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-24 21:05:11 | 000,000,000 | ---D | M]
 
[2007-09-18 10:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\xdz4iz3y.default\extensions
[2012-10-21 15:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-06 18:08:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009-02-04 14:09:16 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011-11-06 18:08:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-02-04 14:08:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009-02-04 14:08:35 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009-02-04 14:08:35 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009-02-04 14:08:45 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009-02-04 14:08:46 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011-11-06 18:08:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009-02-04 14:09:16 | 000,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-02-04 14:09:16 | 000,001,419 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-02-04 14:09:16 | 000,000,926 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-02-04 14:09:16 | 000,000,866 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-02-04 14:09:16 | 000,001,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-02-04 14:09:16 | 000,001,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2006-06-06 02:35:18 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [ESDUSBMon.exe] C:\WINDOWS\system32\ESDUSBMon.exe (SEIKO EPSON Corp.)
O4 - HKLM..\Run: [Firebird] C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [ShutdownEventCheck] %systemroot%\system32\dumprep 0 -s File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()
O4 - HKCU..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smallbusiness.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{942F48AA-0668-45AB-86FD-F313D8DC7B2B}: NameServer = 194.204.159.1,194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-06-25 09:43:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-12-07 15:02:04 | 000,000,563 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-05-06 13:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{60f8e048-7680-11df-ac3e-001a92e0570a}\Shell\AutoRun\command - "" = E:\abk.bat
O33 - MountPoints2\{60f8e048-7680-11df-ac3e-001a92e0570a}\Shell\explore\Command - "" = E:\abk.bat
O33 - MountPoints2\{60f8e048-7680-11df-ac3e-001a92e0570a}\Shell\open\Command - "" = E:\abk.bat
O33 - MountPoints2\{60f8e04c-7680-11df-ac3e-001a92e0570a}\Shell\AutoRun\command - "" = E:\abk.bat
O33 - MountPoints2\{60f8e04c-7680-11df-ac3e-001a92e0570a}\Shell\explore\Command - "" = E:\abk.bat
O33 - MountPoints2\{60f8e04c-7680-11df-ac3e-001a92e0570a}\Shell\open\Command - "" = E:\abk.bat
O33 - MountPoints2\{612f65ac-5467-11dd-a7fe-001a92e0570a}\Shell - "" = AutoRun
O33 - MountPoints2\{612f65ac-5467-11dd-a7fe-001a92e0570a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O33 - MountPoints2\{829d4250-fefd-11de-9e1e-001a92e0570a}\Shell\AutoRun\command - "" = E:\abk.bat
O33 - MountPoints2\{829d4250-fefd-11de-9e1e-001a92e0570a}\Shell\explore\Command - "" = E:\ -- File not found
O33 - MountPoints2\{829d4250-fefd-11de-9e1e-001a92e0570a}\Shell\open\Command - "" = E:\abk.bat
O33 - MountPoints2\{960804c4-fd7e-11df-ba3c-001a92e0570a}\Shell\AutoRun\command - "" = E:\abk.bat
O33 - MountPoints2\{960804c4-fd7e-11df-ba3c-001a92e0570a}\Shell\explore\Command - "" = E:\abk.bat
O33 - MountPoints2\{960804c4-fd7e-11df-ba3c-001a92e0570a}\Shell\open\Command - "" = E:\abk.bat
O33 - MountPoints2\{d21bb1f1-4251-11df-b5ec-001a92e0570a}\Shell\AutoRun\command - "" = E:\abk.bat
O33 - MountPoints2\{d21bb1f1-4251-11df-b5ec-001a92e0570a}\Shell\explore\Command - "" = E:\abk.bat
O33 - MountPoints2\{d21bb1f1-4251-11df-b5ec-001a92e0570a}\Shell\open\Command - "" = E:\abk.bat
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\abk.bat -- [2008-11-22 16:53:04 | 000,110,417 | RHS- | M] ()
O33 - MountPoints2\C\Shell\explore\Command - "" = C:\abk.bat -- [2008-11-22 16:53:04 | 000,110,417 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\abk.bat -- [2008-11-22 16:53:04 | 000,110,417 | RHS- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 08:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-12-07 15:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\U3
[2012-12-01 14:40:53 | 000,274,432 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-12-07 15:16:19 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2012-12-07 15:05:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-07 15:02:04 | 000,000,563 | RHS- | M] () -- C:\autorun.inf
[2012-12-07 15:02:03 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-12-07 15:01:31 | 000,085,504 | RHS- | M] () -- C:\WINDOWS\System32\gasretyw0.dll
[2012-12-07 14:42:33 | 000,003,160 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012-12-07 14:18:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-03 12:00:09 | 000,000,786 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{7a4af098-2305-11dc-bea2-806e6f6e6963}.job
[2012-12-01 15:00:22 | 000,970,254 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-12-01 15:00:21 | 000,899,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-12-01 15:00:21 | 000,270,072 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-12-01 15:00:18 | 000,242,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-12-01 14:43:25 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\runctf.lnk
[2012-12-01 14:40:53 | 000,274,432 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-12-01 14:43:23 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\runctf.lnk
[2012-12-01 14:40:56 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2011-12-18 16:40:34 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\Administrator\USB001
[2007-07-06 13:58:12 | 000,007,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\SmarThruOptions.xml
[2007-06-25 10:54:21 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2007-06-25 10:17:07 | 000,004,506 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2007-06-25 09:38:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006-09-23 13:13:00 | 001,515,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:43:19 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006-06-06 02:35:18 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >