OTL logfile created on: 2011-06-09 16:15:54 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Drill\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 529,99 Mb Available Physical Memory | 69,06% Memory free
1,46 Gb Paging File | 1,19 Gb Available in Paging File | 81,59% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,65 Gb Total Space | 8,57 Gb Free Space | 45,96% Space Free | Partition Type: NTFS
Drive D: | 18,65 Gb Total Space | 7,98 Gb Free Space | 42,82% Space Free | Partition Type: NTFS

Computer Name: VOBIS | User Name: Drill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-06-09 16:13:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drill\Pulpit\OTL.exe
PRC - [2011-04-27 19:27:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-04-07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- D:\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011-03-16 18:01:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- D:\PC Tools Firewall Plus\FWService.exe
PRC - [2010-11-03 18:51:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-06-09 16:13:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drill\Pulpit\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-04-27 19:27:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 18:01:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- D:\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008-06-20 12:08:08 | 000,065,536 | ---- | M] (France Telecom SA) [Disabled | Stopped] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-03-16 18:01:56 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011-01-17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011-01-17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011-01-12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010-11-22 18:04:57 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-07-08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010-07-08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2009-11-21 16:38:36 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-03-01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2003-09-23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2002-03-12 03:57:00 | 000,043,776 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM)
DRV - [2001-11-21 18:29:36 | 000,011,889 | ---- | M] (WayTech Development, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter)
DRV - [2001-10-22 18:31:06 | 000,029,696 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5a.sys -- (FETNDIS)
DRV - [2001-08-17 22:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 22:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 22:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 22:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 22:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 22:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 22:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 22:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 22:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000-10-25 22:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)
DRV - [1999-08-30 19:49:56 | 000,003,680 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Iteio.sys -- (iteio)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-839522115-854245398-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = wyborcza.pl/0,0.html?p=020
IE - HKU\S-1-5-21-1202660629-839522115-854245398-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1202660629-839522115-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110419
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-08 21:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-08 21:16:50 | 000,000,000 | ---D | M]
[2010-04-22 09:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Extensions
[2011-05-12 11:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\extensions
[2010-10-15 11:30:27 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011-04-08 14:01:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-08-10 11:47:58 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010-09-06 21:22:49 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Drill\Dane aplikacji\Mozilla\Firefox\Profiles\32gpmn7d.default\extensions\smartbookmarksbar@remy.juteau
[2010-04-24 22:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010-02-17 18:41:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-08 21:16:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-05-08 21:16:37 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-05-08 21:16:37 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-17 11:40:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2011-05-08 21:16:37 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-05-08 21:16:37 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-05-08 21:16:37 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-05-08 21:16:37 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-05-31 21:10:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00PCTFW] D:\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-839522115-854245398-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-839522115-854245398-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-839522115-854245398-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-839522115-854245398-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Drill\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Drill\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-16 17:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-06-09 16:13:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Drill\Pulpit\OTL.exe
[2011-06-08 17:54:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Drill\Recent
[2011-05-31 22:47:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-31 21:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-31 20:56:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-05-31 20:52:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-05-31 20:52:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-05-31 20:52:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-05-31 20:52:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-05-31 20:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-05-31 20:46:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-05-31 20:46:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Drill\Menu Start\Programy\Narzędzia administracyjne
[2011-05-31 20:42:18 | 004,109,019 | R--- | C] (Swearware) -- C:\Documents and Settings\Drill\Pulpit\ComboFix.exe
[2011-05-28 14:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\Dane aplikacji\PCToolsFirewallPlus
[2011-05-28 14:59:04 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011-05-28 14:59:04 | 000,160,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011-05-28 14:59:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011-05-28 14:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PC Tools Firewall Plus
[2011-05-28 14:58:11 | 000,089,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2011-05-28 14:58:11 | 000,057,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2011-05-28 14:58:11 | 000,032,808 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2011-05-28 14:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011-05-28 14:58:06 | 000,125,248 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2011-05-27 20:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\Menu Start\Programy\HiJackThis
[2011-05-18 15:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\Dane aplikacji\gtk-2.0
[2011-05-18 15:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\.thumbnails
[2011-05-18 15:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\.gimp-2.6
[2011-05-15 17:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drill\Dane aplikacji\Real

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-06-09 16:13:44 | 000,076,863 | ---- | M] () -- C:\Documents and Settings\Drill\Pulpit\otl3.png
[2011-06-09 16:13:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drill\Pulpit\OTL.exe
[2011-06-09 16:09:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Drill\Pulpit\cj9je7cw.exe
[2011-06-09 14:45:22 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011-06-09 14:45:07 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-06-09 14:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-09 14:43:34 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-31 21:10:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-05-31 20:56:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-05-31 20:42:41 | 004,109,019 | R--- | M] (Swearware) -- C:\Documents and Settings\Drill\Pulpit\ComboFix.exe
[2011-05-31 20:02:47 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\Drill\Pulpit\HiJackThis.lnk
[2011-05-31 12:08:55 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-05-29 18:01:35 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\Drill\Pulpit\iriver picture plus.lnk
[2011-05-22 20:57:14 | 000,018,420 | ---- | M] () -- C:\Documents and Settings\Drill\Moje dokumenty\Kontakty_6086185.xml
[2011-05-22 10:37:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-18 15:46:19 | 000,002,822 | ---- | M] () -- C:\Documents and Settings\Drill\.recently-used.xbel

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-06-09 16:13:43 | 000,076,863 | ---- | C] () -- C:\Documents and Settings\Drill\Pulpit\otl3.png
[2011-06-09 16:09:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Drill\Pulpit\cj9je7cw.exe
[2011-05-31 20:56:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-05-31 20:56:13 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2011-05-31 20:52:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-05-31 20:52:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-05-31 20:52:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-05-31 20:52:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-05-31 20:52:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-05-27 20:33:09 | 000,002,313 | ---- | C] () -- C:\Documents and Settings\Drill\Pulpit\HiJackThis.lnk
[2011-05-18 15:46:19 | 000,002,822 | ---- | C] () -- C:\Documents and Settings\Drill\.recently-used.xbel
[2011-04-13 12:09:59 | 000,001,378 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ss.ini
[2011-04-13 11:59:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
[2011-01-04 22:32:34 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-01-04 22:29:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-10-22 17:00:00 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo.dll
[2010-09-27 20:50:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2010-08-05 13:25:53 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-07-04 20:06:08 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010-07-04 14:09:09 | 000,000,542 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010-05-26 12:34:21 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010-05-04 18:31:37 | 000,673,280 | ---- | C] () -- C:\WINDOWS\is-0HH9O.exe
[2010-02-18 16:26:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-02-02 12:56:12 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010-01-26 00:19:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RefreshLock.ini
[2009-12-27 14:29:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\imgproc.dll
[2009-11-18 21:46:08 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Drill\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-04 21:04:10 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-25 16:23:34 | 000,169,192 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2009-10-25 16:23:34 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009-10-23 17:08:58 | 000,003,680 | R--- | C] () -- C:\WINDOWS\System32\drivers\Iteio.sys
[2009-10-23 11:42:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009-10-23 09:39:42 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-23 09:21:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009-10-23 09:21:19 | 000,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2009-10-23 08:47:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-10-16 18:11:57 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-10-16 18:10:17 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-16 17:32:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-10-16 17:26:41 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-05-15 10:07:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\CSD_IRIVER_GEN.DLL
[2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006-10-22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006-10-22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002-09-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002-09-23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002-09-23 14:00:00 | 000,355,830 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2002-09-23 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2002-09-23 14:00:00 | 000,311,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002-09-23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002-09-23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002-09-23 14:00:00 | 000,049,712 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2002-09-23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002-09-23 14:00:00 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002-09-23 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2002-09-23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002-09-23 14:00:00 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002-09-23 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002-09-23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]
[2009-11-22 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2009-11-21 16:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-07-04 14:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FreeRIP
[2010-08-01 12:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-08-31 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-10-23 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-06-09 14:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-02-10 11:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player
[2010-10-22 16:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\BESTplayer
[2009-12-05 12:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\DAEMON Tools Lite
[2011-03-15 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\EAC
[2010-08-26 10:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\Emisja
[2011-03-29 22:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\fltk.org
[2010-02-15 12:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\foobar2000
[2009-11-12 21:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\GlarySoft
[2011-05-18 15:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\gtk-2.0
[2010-10-22 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\HamsterSoft
[2010-08-31 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\ipla
[2010-02-17 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\Leadertech
[2010-02-21 18:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\Notepad++
[2010-11-05 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\OnLive App
[2011-05-28 14:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\PCToolsFirewallPlus
[2010-11-12 23:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drill\Dane aplikacji\uTorrent
[2010-05-03 17:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\DAEMON Tools Lite
[2010-01-03 15:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\foobar2000
[2010-01-01 13:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\Gadu-Gadu
[2010-09-11 09:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\GlarySoft
[2009-10-23 14:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\Nowe Gadu-Gadu
[2009-10-23 14:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\OpenFM
[2011-05-28 21:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JA\Dane aplikacji\PCToolsFirewallPlus
[2010-08-25 08:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\SACore
[2010-09-16 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\SACore
[2011-06-09 14:45:22 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6

< End of report >