OTL logfile created on: 2012-11-14 19:42:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,82% Memory free
3,84 Gb Paging File | 3,64 Gb Available in Paging File | 94,89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,63 Gb Total Space | 2,82 Gb Free Space | 15,15% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 16,11 Gb Free Space | 86,48% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,56 Gb Free Space | 95,53% Space Free | Partition Type: FAT32

Computer Name: USER-6CC3E65A32 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-11-14 18:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010-07-04 18:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010-07-04 18:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009-10-15 13:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-10-15 13:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009-03-02 13:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-05-05 10:38:08 | 000,479,232 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink_RT2460\RaConfig.exe
PRC - [2003-05-21 18:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-11-14 19:30:57 | 000,071,168 | RHS- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Temp\nodqq0.dll
MOD - [2009-06-27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009-03-13 10:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009-03-02 13:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-10-27 21:37:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010-07-04 18:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009-10-15 13:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-03-02 13:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\DasBootF.SYS -- (DasBootF)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\DasBoot.SYS -- (DasBoot)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-11-14 19:30:45 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-10-04 12:45:13 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2010-06-14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-04-27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010-04-27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010-04-27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010-04-22 14:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010-03-26 11:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-11-18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-07-27 08:09:52 | 000,044,032 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009-02-12 11:57:44 | 000,107,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)
DRV - [2004-08-03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2002-09-28 23:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002-09-28 23:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5D19605F-6FE4-4775-8193-D61E0EE1FC5C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{75DB9ACF-4997-470e-B3D6-ECE262A331FF}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 21:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-27 21:37:29 | 000,000,000 | ---D | M]

[2010-10-09 19:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Dane aplikacji\Mozilla\Extensions
[2012-10-27 21:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 21:37:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-02-13 16:03:49 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-13 16:03:49 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-13 16:03:49 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-13 16:03:49 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-13 16:03:49 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-13 16:03:49 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Internet Research (Enabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jmlmanpnnbnpabnonijjmnmplnbfcgbf\1.1.0.1_0\npgemiusplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2002-09-28 23:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RemoveNetPanel] C:\Program Files\NetPanel\Remove.exe (Gemius)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [nod32] C:\Documents and Settings\USER\Ustawienia lokalne\Temp\nodqq.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\Program Files\Ralink_RT2460\RaConfig.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE80B4E4-4BAA-4FAA-8AF8-D2A16921D32B}: NameServer = 192.168.10.254,194.204.159.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-10-04 17:04:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-11-14 19:43:43 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-11-14 19:43:43 | 000,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-11-14 19:43:44 | 000,000,063 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0f02cec4-deb9-11df-ad4b-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{0f02cec4-deb9-11df-ad4b-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{0f02cec5-deb9-11df-ad4b-0080c6e8ec4f}\Shell\AutoRun\command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{0f02cec5-deb9-11df-ad4b-0080c6e8ec4f}\Shell\open\Command - "" = G:\12gn6id2.exe
O33 - MountPoints2\{1886c520-6458-11e0-aebd-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{1886c520-6458-11e0-aebd-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{2bd77560-7f1b-11e0-af23-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{2bd77560-7f1b-11e0-af23-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{48249bb2-b530-11e0-b012-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{48249bb2-b530-11e0-b012-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{5c05cf58-80ae-11e1-b309-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{5c05cf58-80ae-11e1-b309-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{69981d60-b3fd-11e1-b411-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{69981d60-b3fd-11e1-b411-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{a594a06e-c155-11e1-b449-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a594a06e-c155-11e1-b449-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a8f2ea3c-8ad0-11e0-af4d-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a8f2ea3c-8ad0-11e0-af4d-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b88395ed-7831-11e1-b2e6-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{b88395ed-7831-11e1-b2e6-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{b937d6d4-7d81-11e0-af17-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{b937d6d4-7d81-11e0-af17-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{d20b1bcc-e50a-11df-ad55-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{d20b1bcc-e50a-11df-ad55-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{dc191b84-26f3-11e0-adff-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{dc191b84-26f3-11e0-adff-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{ecba5078-e608-11e0-b0c4-0080c6e8ec4f}\Shell - "" = AutoRun
O33 - MountPoints2\{ecba5078-e608-11e0-b0c4-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ecba5079-e608-11e0-b0c4-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{ecba5079-e608-11e0-b0c4-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{f1e39680-a3c3-11e1-b3b7-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{f1e39680-a3c3-11e1-b3b7-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - "" = D:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-11-14 19:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Pulpit\Stare dane programu Firefox
[2012-11-14 17:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012-11-13 18:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\WINDOWS
[2012-11-13 18:35:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-13 18:35:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Narzędzia administracyjne
[2012-11-13 18:35:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka
[2012-11-13 18:35:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-11-13 18:32:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DBBK
[2012-11-13 18:28:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-10-31 20:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\My Art
[2012-10-31 13:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Wesoła szkoła i przyjaciele klasa 1
[2012-10-31 13:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Wesola szkola i przyjaciele klasa 1
[2012-10-27 21:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-11-14 19:45:00 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2012-11-14 19:35:02 | 000,771,818 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012-11-14 19:35:02 | 000,358,734 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-11-14 19:35:02 | 000,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-11-14 19:35:02 | 000,050,556 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-11-14 19:35:02 | 000,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-11-14 19:30:45 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012-11-14 19:30:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012-11-14 19:30:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-11-14 19:30:03 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT
[2012-11-14 19:30:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2147157623-682003330-1003UA.job
[2012-11-14 18:30:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-2147157623-682003330-1003Core.job
[2012-11-14 17:53:11 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\USER\ntuser.ini
[2012-11-14 17:53:05 | 003,757,842 | -H-- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-11-13 18:40:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-11-03 16:46:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-31 13:35:22 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Wesoła szkoła i przyjaciele.lnk
[2012-10-16 14:55:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\USER\Kotek.JPG
[2012-10-16 14:55:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\USER\Kotek 2.JPG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-11-14 19:31:30 | 000,000,063 | RHS- | C] () -- C:\autorun.inf
[2012-11-14 19:31:29 | 000,112,128 | RHS- | C] () -- C:\12gn6id2.exe
[2012-10-31 13:35:22 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Wesoła szkoła i przyjaciele.lnk
[2012-10-16 14:55:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Kotek.JPG
[2012-10-16 14:55:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Kotek 2.JPG
[2012-08-09 11:37:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Pelek_ T m N_ Waski_ Rokit - Nie Szukaj Mnie (prod. Waski).mp3
[2012-07-30 19:12:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\CIMG2639.JPG
[2012-05-27 18:30:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Korab..jpg
[2012-02-04 09:51:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-02-02 16:39:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\freestyle (1).JPG
[2011-07-24 20:20:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\huh.jpg
[2011-04-11 17:29:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-03-27 10:11:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011-03-27 10:11:18 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011-03-27 10:11:13 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\$_hpcst$.hpc
[2011-01-23 14:19:40 | 000,009,255 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2011-01-01 16:40:35 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-04 18:16:48 | 000,042,168 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-10-04 17:14:18 | 003,757,842 | -H-- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-10-04 17:09:21 | 000,000,292 | -HS- | C] () -- C:\Documents and Settings\USER\ntuser.ini
[2010-10-04 17:09:19 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\USER\NTUSER.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-03 23:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-03 09:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite
[2011-02-20 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-11-14 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NetPanel
[2012-02-02 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-03-27 10:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2012-06-28 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Gadu-Gadu 10
[2012-02-02 14:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\OpenFM
[2011-03-27 10:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Samsung
[2011-05-15 18:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Tibia

[color=#E56717]========== Purity Check ==========[/color]

< End of report >
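The items a responder pulls out of a report like the one above are mechanical enough to script: a module loaded from the user's Temp folder with the read-only/hidden/system attribute set (nodqq0.dll, started by the "nod32" Run value pointing at nodqq.exe in the same folder), a 63-byte RHS autorun.inf written today on every volume, MountPoints2 verbs that hand every drive letter to an RHS 12gn6id2.exe, and MountPoints2 AutoRun commands that go through RunDLL32 Shell32.DLL,ShellExec_RunDLL into a fake RECYCLER\S-5-3-42-... folder (that exact jwgkvsq.vmx invocation is the autorun.inf payload Conficker/Downadup writes to removable media). The following Python is an added triage example for this page, not part of the OTL report and not code from OTL's author: it parses four of OTL's own line formats (MOD, O4 Run keys, O32 AutoRun File, O33 MountPoints2) and flags those patterns. SAMPLE_LOG is a constructed excerpt in OTL's format, mirroring entries from the report; the regular expressions and the scratch-directory rule are this example's own, and the script only reads text, it touches nothing on the machine.

```python
"""Triage helper for OTL (OldTimer) log lines: flags autorun-style persistence.

Added example, not part of the OTL report above and not OTL's own code.
It reads OTL's MOD, O4, O32 and O33 line formats and applies the checks a
responder does by hand: executables hiding behind RHS attributes, Run keys
that start from Temp, autorun.inf on disk volumes, and MountPoints2 commands
that launch via rundll32's ShellExec_RunDLL from a RECYCLER folder.
"""
import re

# OTL's file-attribute block: [YYYY-MM-DD HH:MM:SS | size | RHSD | C-or-M]
ATTR_RE = re.compile(
    r"\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| ([RHSD-]{4}) \| [CM]\]")
# O33 - MountPoints2\<key>\Shell\<verb>\command - "" = <command> [-- attrs]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>\w+)\\[Cc]ommand - "" = '
    r'(?P<cmd>.+?)(?: -- \[|$)')
# O4 - HKLM..\Run: [name] <path> (company)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \(|$)')
# O32 - AutoRun File - [attrs] () - X:\autorun.inf -- [ FS ]
O32_RE = re.compile(r'^O32 - AutoRun File - \[.+?\] \(\) - (?P<path>[A-Z]:\\autorun\.inf)')
# MOD - [attrs] () -- <path>   (OTL's "Modules (No Company Name)" section)
MOD_RE = re.compile(r'^MOD - \[.+?\] \(\) -- (?P<path>.+)$')
# Directories nothing legitimate should autostart from (this example's rule).
SCRATCH_DIR_RE = re.compile(r"\\(Temp|RECYCLER)\\", re.IGNORECASE)


def parse_attrs(line):
    """Return OTL's four-character attribute field on a line (e.g. 'RHS-'), or None."""
    m = ATTR_RE.search(line)
    return m.group(1) if m else None


def hidden_or_system(attrs):
    """True when the file carries the Hidden or System attribute."""
    return bool(attrs) and ("H" in attrs or "S" in attrs)


def triage(text):
    """Scan OTL lines; return [(otl_tag, target, reason)], one entry per distinct target."""
    findings, seen = [], set()

    def add(tag, target, reason):
        if (tag, target) not in seen:        # AutoRun and open verbs share one target
            seen.add((tag, target))
            findings.append((tag, target, reason))

    for line in text.splitlines():
        line = line.strip()
        attrs = parse_attrs(line)
        m = O33_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if "ShellExec_RunDLL" in cmd or SCRATCH_DIR_RE.search(cmd):
                add("O33", cmd, "autorun command runs via rundll32/RECYCLER indirection")
            elif hidden_or_system(attrs):
                add("O33", cmd, "autorun target carries attributes %s" % attrs)
            continue
        m = O4_RE.match(line)
        if m and SCRATCH_DIR_RE.search(m.group("path")):
            add("O4", m.group("path"), "Run value '%s' starts from a Temp directory" % m.group("name"))
            continue
        m = O32_RE.match(line)
        if m:
            add("O32", m.group("path"), "autorun.inf on a disk volume, attributes %s" % attrs)
            continue
        m = MOD_RE.match(line)
        if m and (hidden_or_system(attrs) or SCRATCH_DIR_RE.search(m.group("path"))):
            add("MOD", m.group("path"), "loaded module from Temp, attributes %s" % attrs)
    return findings


# Constructed excerpt in OTL's line format (paths mirror the report above;
# the E: entry is a made-up benign control that must not be flagged).
SAMPLE_LOG = r"""
PRC - [2012-11-14 18:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2012-11-14 19:30:57 | 000,071,168 | RHS- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Temp\nodqq0.dll
MOD - [2009-06-27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKCU..\Run: [nod32] C:\Documents and Settings\USER\Ustawienia lokalne\Temp\nodqq.exe ()
O32 - AutoRun File - [2010-10-04 17:04:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-11-14 19:43:43 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0f02cec4-deb9-11df-ad4b-0080c6e8ec4f}\Shell\AutoRun\command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{0f02cec4-deb9-11df-ad4b-0080c6e8ec4f}\Shell\open\Command - "" = F:\12gn6id2.exe -- [2010-05-11 20:04:48 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{1886c520-6458-11e0-aebd-0080c6e8ec4f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{aaaa0000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe
"""

if __name__ == "__main__":
    for tag, target, reason in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (tag, reason, target))
```

Run against the full report, the same rules also surface the C:, D: and F: autorun.inf entries and the C:\12gn6id2.exe and D:\12gn6id2.exe MountPoints2 verbs; a MountPoints2 command that launches a plain installer from a CD with no RHS attributes (the E: control line) is left alone, which is the point of keying the check on attributes and launch path rather than on the presence of an autorun command.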