OTL logfile created on: 2011-05-09 00:52:31 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Leszek\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 503,00 Mb Total Physical Memory | 75,00 Mb Available Physical Memory | 15,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 26,23 Gb Free Space | 65,56% Space Free | Partition Type: NTFS Drive D: | 34,49 Gb Total Space | 29,10 Gb Free Space | 84,37% Space Free | Partition Type: NTFS Drive F: | 10,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HAMAS-E28E0ABC1 | User Name: Leszek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-05-09 00:49:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leszek\Pulpit\OTL.exe PRC - [2011-04-30 00:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-03-25 11:52:49 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMService.exe PRC - [2011-03-25 11:52:49 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe PRC - [2011-02-07 01:16:28 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe PRC - [2011-02-04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe PRC - [2010-12-16 07:19:28 | 012,984,928 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2009-03-17 17:18:32 | 003,276,800 | ---- | M] () -- C:\Program Files\iPlus\iPlusManager.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-05-09 00:49:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leszek\Pulpit\OTL.exe MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (gupdate) Usługa Google Update (gupdate) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-03-25 11:52:49 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (KMService) SRV - [2011-02-07 01:16:28 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP) SRV - [2010-03-25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-04-20 20:05:12 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011-02-12 17:55:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-10-14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009-10-02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-09-14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2009-09-01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2009-03-17 17:18:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2006-04-17 10:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005-03-04 05:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-789336058-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1 IE - HKU\S-1-5-21-789336058-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://ie8.gazeta.pl/internet_explorer_8/0,0.html?ie=1 IE - HKU\S-1-5-21-789336058-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-789336058-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.pl/0,0.html?sc=1 IE - HKU\S-1-5-21-789336058-299502267-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: " " FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: mybrazil@gentil.net:1.0 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-30 00:18:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-13 01:25:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-04-20 17:58:45 | 000,000,000 | ---D | M] [2011-02-07 18:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Extensions [2011-04-23 21:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions [2011-04-02 02:38:23 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-05-08 23:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions\DTToolbar@toolbarnet.com [2011-04-02 02:39:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions\engine@conduit.com [2011-02-27 17:37:52 | 000,000,000 | ---D | M] (MyBrazil) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions\mybrazil@gentil.net [2011-02-27 17:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\extensions\mybrazil@gentil.net\mozapps\extensions [2011-02-08 23:36:08 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\searchplugins\conduit.xml [2011-02-12 17:57:23 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Leszek\Dane aplikacji\Mozilla\Firefox\Profiles\tajgr85q.default\searchplugins\daemon-search.xml [2011-04-02 01:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-02-07 23:35:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-07 19:13:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-03-15 01:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-07 23:54:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2011-02-07 19:12:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-04-30 00:17:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011-04-02 02:33:55 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2011-04-02 02:33:56 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-04-02 02:33:56 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-04-02 02:33:56 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-04-02 02:33:56 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2011-04-02 02:33:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - File not found O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKU\S-1-5-21-789336058-299502267-839522115-1004..\Run: [Odkurzacz-SCD] C:\Program Files\Odkurzacz\odk_scd.exe (Franmo Software) O4 - HKU\S-1-5-21-789336058-299502267-839522115-1004..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-299502267-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Leszek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leszek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-02-06 21:15:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-06-03 20:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008-05-27 16:40:14 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1c146012-3230-11e0-a28b-00138fc87b6a}\Shell - "" = AutoRun O33 - MountPoints2\{1c146012-3230-11e0-a28b-00138fc87b6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008-06-03 20:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-05-09 00:49:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leszek\Pulpit\OTL.exe [2011-05-08 23:38:42 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Leszek\Pulpit\tdsskiller.exe [2011-05-08 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leszek\Pulpit\bootkit_remover [2011-05-04 00:56:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp [2011-04-28 22:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pity Format 2010 [2011-04-28 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pity Format 2010 [2011-04-24 00:27:13 | 227,190,984 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Leszek\Pulpit\OfficeSTD.exe [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-05-09 00:49:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leszek\Pulpit\OTL.exe [2011-05-08 23:57:50 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\efh23ejh.exe [2011-05-08 23:38:57 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Leszek\Pulpit\tdsskiller.exe [2011-05-08 21:53:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\MBRCheck.exe [2011-05-08 18:40:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-05-08 18:40:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-05-08 02:58:06 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Leszek\ntuser.dat [2011-05-07 19:44:49 | 000,016,940 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\indeks4.jpeg [2011-05-04 20:52:25 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2011-05-04 20:24:06 | 000,005,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-05-04 20:24:06 | 000,005,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2011-05-04 02:43:53 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-05-04 00:45:46 | 000,463,502 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-05-04 00:45:46 | 000,408,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-05-04 00:45:46 | 000,069,074 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-05-04 00:45:46 | 000,055,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-05-04 00:38:16 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011-04-28 22:52:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Pity Format 2010.lnk [2011-04-26 22:30:18 | 000,061,840 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\Obraz.jpeg [2011-04-26 21:40:42 | 000,062,210 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\Obraz(1).jpeg [2011-04-24 02:56:05 | 227,190,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Leszek\Pulpit\OfficeSTD.exe [2011-04-20 20:05:12 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2011-04-17 00:47:21 | 003,281,657 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\Alfa_Romeo_159_katalog.pdf [2011-04-16 23:27:51 | 002,295,833 | ---- | M] () -- C:\Documents and Settings\Leszek\Pulpit\Punto_Evo_katalog_ogolny.pdf [2011-04-15 02:06:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-04-13 01:25:59 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-05-08 23:57:41 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\efh23ejh.exe [2011-05-08 21:53:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\MBRCheck.exe [2011-05-07 19:44:47 | 000,016,940 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\indeks4.jpeg [2011-05-04 00:38:16 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2011-04-28 22:52:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Pity Format 2010.lnk [2011-04-26 23:09:11 | 000,062,210 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\Obraz(1).jpeg [2011-04-26 23:08:53 | 000,061,840 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\Obraz.jpeg [2011-04-17 00:47:20 | 003,281,657 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\Alfa_Romeo_159_katalog.pdf [2011-04-16 23:27:51 | 002,295,833 | ---- | C] () -- C:\Documents and Settings\Leszek\Pulpit\Punto_Evo_katalog_ogolny.pdf [2011-03-25 11:53:49 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMService.exe [2011-03-25 11:53:48 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe [2011-02-12 17:55:52 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2011-02-08 23:06:39 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2011-02-08 03:43:06 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011-02-08 03:26:02 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2011-02-08 01:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\quartzXP.dll [2011-02-08 01:20:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2011-02-08 01:20:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2011-02-08 01:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2011-02-08 01:20:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2011-02-08 01:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2011-02-08 00:21:26 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Leszek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-07 23:39:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011-02-07 22:11:00 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-02-07 22:10:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-02-07 22:10:53 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-02-07 22:10:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-02-07 22:10:52 | 000,000,590 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2011-02-07 21:10:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2011-02-07 21:10:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2011-02-07 21:10:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll [2011-02-07 18:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-02-07 01:38:52 | 000,070,760 | ---- | C] () -- C:\Documents and Settings\Leszek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-02-06 23:30:50 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011-02-06 23:30:50 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011-02-06 21:53:23 | 001,004,074 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-02-06 21:53:21 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-02-06 21:51:42 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-02-06 21:48:04 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2011-02-06 21:48:04 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011-02-06 21:38:14 | 000,004,580 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011-02-06 21:38:13 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011-02-06 21:33:40 | 005,881,320 | -H-- | C] () -- C:\Documents and Settings\Leszek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-02-06 21:22:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-02-06 21:15:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2011-02-06 21:12:07 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2011-02-06 21:11:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2011-02-06 21:08:21 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-02-06 21:08:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2011-02-06 21:08:03 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2011-02-06 21:05:47 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2011-02-06 21:05:45 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-09-09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 14:00:00 | 000,463,502 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 14:00:00 | 000,408,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2006-03-02 14:00:00 | 000,069,074 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 14:00:00 | 000,055,316 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [color=#E56717]========== LOP Check ==========[/color] [2011-02-09 01:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ALLConverter [2011-02-12 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-02-07 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-02-07 22:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2011-02-06 22:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\Codeton [2011-02-16 19:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\DAEMON Tools Lite [2011-02-07 23:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\Gadu-Gadu 10 [2011-03-29 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\ipla [2011-03-17 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\iPlus [2011-02-07 22:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\RDRM [2011-04-05 02:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leszek\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2011-02-24 17:12:06 | 000,000,000 | ---D | M](C:\WINDOWS\System32\-?ystemroot%) -- C:\WINDOWS\System32\-“ystemroot% [2011-02-24 17:12:06 | 000,000,000 | ---D | C](C:\WINDOWS\System32\-?ystemroot%) -- C:\WINDOWS\System32\-“ystemroot% < End of report >