OTL logfile created on: 2013-06-04 12:05:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\antyvir\Diagnostyka\OTL
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,83 Mb Total Physical Memory | 229,33 Mb Available Physical Memory | 44,89% Memory free
863,93 Mb Paging File | 597,78 Mb Available in Paging File | 69,19% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,70 Gb Total Space | 2,70 Gb Free Space | 25,21% Space Free | Partition Type: NTFS
Drive D: | 23,68 Gb Total Space | 21,29 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 194,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,86 Gb Total Space | 0,04 Gb Free Space | 2,01% Space Free | Partition Type: FAT
Drive S: | 71,38 Gb Total Space | 59,90 Gb Free Space | 83,91% Space Free | Partition Type: NTFS

Computer Name: IBM278 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-21 13:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\antyvir\Diagnostyka\OTL\OTL.exe
PRC - [2009-12-07 00:19:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2009-11-08 23:37:42 | 000,012,800 | R--- | M] (http://www.hiren.info) -- E:\HBCD\WinTools\Autorun.exe
PRC - [2009-09-08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2009-09-04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2009-09-04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2009-07-06 15:19:04 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009-04-02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008-08-18 13:25:00 | 000,300,944 | ---- | M] (CE-Infosys GmbH) -- C:\WINDOWS\system32\ceisvc.exe
PRC - [2008-08-18 13:24:44 | 000,575,376 | ---- | M] (CE-Infosys) -- C:\Program Files\CE-Infosys\CompuSec\rme.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:10 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2003-10-11 02:07:02 | 000,053,248 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003-08-28 20:11:24 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003-08-08 00:57:52 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2003-07-11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003-06-23 16:34:18 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2002-09-20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002-01-11 00:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

========== Modules (No Company Name) ==========

MOD - [2008-04-14 22:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004-02-10 18:40:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2003-08-08 00:57:52 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2003-07-11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2003-07-04 08:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2003-06-23 16:34:18 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2002-05-03 17:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Services (SafeList) ==========

SRV - [2013-05-12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009-12-07 00:19:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2009-09-04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2009-09-04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2009-07-15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009-07-06 15:19:04 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008-08-18 13:25:00 | 000,300,944 | ---- | M] (CE-Infosys GmbH) [Auto | Running] -- C:\WINDOWS\system32\ceisvc.exe -- (CE-Infosys Security Service)
SRV - [2003-10-11 02:07:02 | 000,053,248 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003-07-11 18:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002-09-27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002-09-20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-07-17 13:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2012-07-17 13:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012-07-17 13:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011-04-13 10:44:42 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2010-07-19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010-07-19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010-07-19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009-10-26 12:18:02 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009-07-15 18:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008-08-18 13:25:10 | 000,401,504 | ---- | M] (CE-Infosys) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\csecw2k.sys -- (csecw2k)
DRV - [2007-06-26 17:17:00 | 000,087,504 | ---- | M] (CE-Infosys) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\csfpc.sys -- (CSFPC)
DRV - [2004-02-10 18:42:18 | 000,672,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-10-24 01:35:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2003-10-24 01:35:00 | 000,008,831 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2003-10-11 02:07:02 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2003-10-11 02:07:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003-09-12 11:21:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2003-08-21 17:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003-07-11 10:34:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003-06-27 17:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003-04-16 16:48:00 | 000,041,672 | ---- | M] (SchlumbergerSema) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R20V2W2K.sys -- (R20V2W2K)
DRV - [2002-11-20 23:54:52 | 000,033,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002-10-16 00:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1756970110-424611993-1575050150-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1756970110-424611993-1575050150-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1756970110-424611993-1575050150-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-05-28 07:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-05-28 07:57:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2003-04-16 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [Disk Utility] C:\Program Files\CE-Infosys\CompuSec\be.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Removable Media Encryption] C:\Program Files\CE-Infosys\CompuSec\rme.exe (CE-Infosys)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_Start] C:\IBMTOOLS\Updater\ucstartup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk = D:\Program Files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\lest3092.UKS-KALISZ\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk = D:\Program Files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1756970110-424611993-1575050150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.12.80.221:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.12.80.221:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {14DF37B4-B1AD-4BD4-A855-56930AF822FF} https://www.giif.mofnet.gov.pl/giif/SIGIIFAX.cab (SIGIIFAX Control)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://10.12.80.221:4343/officescan/console/html/AtxEnc.cab (Encrypt Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38136.4642013889 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1 redirector)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5EE81D5-C49F-45E5-B42F-0B7AEEDD047C} http://lph1n.lexpolonica.pl/lexpolonica/printTempl/export.cab (Druk Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CFE0B18-3280-4903-B48A-81048E52AD22}: DhcpNameServer = 192.168.1.111
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\1024 x 768 IBM EMEA Map.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024 x 768 IBM EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-05-28 23:40:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-11-19 20:09:46 | 000,000,199 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013-05-10 18:45:02 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O33 - MountPoints2\{6dbbf742-b891-11d8-99e2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dbbf742-b891-11d8-99e2-806d6172696f}\Shell\AutoRun\command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009-11-08 23:37:42 | 000,012,800 | R--- | M] (http://www.hiren.info)
O33 - MountPoints2\{6dbbf742-b891-11d8-99e2-806d6172696f}\Shell\Option1\Command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009-11-08 23:37:42 | 000,012,800 | R--- | M] (http://www.hiren.info)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-04 09:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.UKS-KALISZ\Menu Start\Programy\Revo Uninstaller
[2013-06-04 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-05-28 07:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2013-05-28 07:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-05-28 07:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-05-24 08:19:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013-05-24 08:19:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-06-04 11:36:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-06-04 11:28:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-06-04 11:27:55 | 535,715,840 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-04 09:54:07 | 000,003,464 | ---- | M] () -- C:\Documents and Settings\Administrator.UKS-KALISZ\Moje dokumenty\Fixit50388.reg
[2013-06-04 09:44:14 | 000,002,356 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-06-04 09:41:53 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator.UKS-KALISZ\Pulpit\Revo Uninstaller.lnk
[2013-06-04 09:25:39 | 001,098,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon_JX.dll
[2013-06-04 09:25:39 | 001,098,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013-05-28 07:57:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-05-27 07:10:19 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-07 06:22:16 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-06-04 11:27:55 | 535,715,840 | -HS- | C] () -- C:\hiberfil.sys
[2013-06-04 09:54:07 | 000,003,464 | ---- | C] () -- C:\Documents and Settings\Administrator.UKS-KALISZ\Moje dokumenty\Fixit50388.reg
[2013-06-04 09:41:53 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator.UKS-KALISZ\Pulpit\Revo Uninstaller.lnk
[2013-05-28 07:57:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2013-05-28 07:57:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-05-24 07:12:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013-05-24 07:12:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011-12-02 13:15:30 | 000,004,674 | ---- | C] () -- C:\WINDOWS\hpeins12.dat
[2011-12-02 13:15:30 | 000,000,981 | ---- | C] () -- C:\WINDOWS\hpemdl12.dat
[2009-10-26 14:18:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator.UKS-KALISZ\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007-12-06 14:54:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-01-30 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.ux.pl2
[2013-06-04 09:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Wise Disk Cleaner
[2009-10-26 11:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CE-Infosys
[2004-05-29 00:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ibm
[2012-09-05 07:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lest3092.UKS-KALISZ\Dane aplikacji\IBM
[2013-06-04 07:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lest3092.UKS-KALISZ\Dane aplikacji\OpenOffice.ux.pl2
[2011-11-29 08:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lest3092.UKS-KALISZ\Dane aplikacji\TrueCrypt

========== Purity Check ==========

< End of report >