OTL logfile created on: 2011-01-04 17:41:58 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\DKD'nt\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): G:\pagefile.sys 3072 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,42 Gb Total Space | 15,76 Gb Free Space | 64,53% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 55,61 Gb Free Space | 81,35% Space Free | Partition Type: NTFS Drive E: | 68,36 Gb Total Space | 9,81 Gb Free Space | 14,35% Space Free | Partition Type: NTFS Drive F: | 51,76 Gb Total Space | 12,16 Gb Free Space | 23,49% Space Free | Partition Type: NTFS Drive G: | 19,97 Gb Total Space | 13,21 Gb Free Space | 66,17% Space Free | Partition Type: NTFS Computer Name: DKD-B2D57264D4C | User Name: DKD'nt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-04 17:25:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DKD'nt\Pulpit\OTL.exe PRC - [2010-11-01 18:48:54 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2010-04-17 10:29:56 | 000,619,784 | ---- | M] (http://tortoisesvn.net) -- G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe PRC - [2010-01-29 22:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe PRC - [2010-01-27 12:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- G:\ProgramFiles2\nod32\ekrn.exe PRC - [2009-09-11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- G:\ProgramFiles2\nod32\egui.exe PRC - [2008-07-15 23:54:40 | 000,390,984 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe PRC - [2008-07-15 23:38:10 | 000,883,528 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-04-09 04:36:38 | 010,913,320 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe PRC - [2006-11-13 15:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 15:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2005-03-14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe PRC - [2003-05-29 14:33:34 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wtablet\TabUserW.exe PRC - [2003-05-29 14:26:06 | 000,618,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe PRC - [2001-08-31 13:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-04 17:25:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DKD'nt\Pulpit\OTL.exe MOD - [2008-08-05 15:51:12 | 000,722,248 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll MOD - [2003-05-29 14:19:00 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-11-01 18:48:54 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2010-02-12 21:43:42 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-01-29 22:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010-01-08 17:34:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009-09-11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- G:\ProgramFiles2\nod32\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- G:\ProgramFiles2\nod32\ekrn.exe -- (ekrn) SRV - [2008-07-15 23:54:40 | 000,390,984 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\ProgramFiles2\msoffice2007pl\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-09-29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- G:\ProgramFiles2\3dmax9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) SRV - [2005-03-14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003-05-29 14:26:06 | 000,618,496 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RadProbe.sys -- (RadProbe) DRV - [2010-02-11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-12-02 14:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009-11-10 12:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009-11-10 12:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009-11-10 12:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009-10-20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009-09-11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-09-11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-09-11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-02-13 20:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008-07-11 15:42:08 | 000,033,408 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt) DRV - [2008-07-11 15:41:28 | 000,673,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox) DRV - [2008-06-30 17:16:14 | 000,234,640 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore) DRV - [2008-06-30 17:16:00 | 000,030,864 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw) DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2005-08-18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\ProgramFiles2\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - [2004-12-24 11:07:48 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd) DRV - [2002-10-16 10:57:04 | 000,084,529 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\si3112r.sys -- (Si3112r) DRV - [2002-09-23 10:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET) DRV - [2002-09-06 11:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2002-08-13 21:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc) DRV - [2001-08-31 13:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) DRV - [2001-08-14 15:17:52 | 000,775,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM) DRV - [2001-07-11 11:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM) DRV - [2001-04-09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\penclass.sys -- (PenClass) DRV - [1999-12-17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-73586283-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-73586283-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-73586283-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:2.01 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\ProgramFiles2\firefox\components [2010-12-11 12:00:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\ProgramFiles2\firefox\plugins [2010-12-11 12:00:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: G:\ProgramFiles2\nod32\Mozilla Thunderbird [2010-03-07 15:07:49 | 000,000,000 | ---D | M] [2010-03-07 13:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Extensions [2011-01-02 12:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Firefox\Profiles\010z1iyl.default\extensions [2010-10-29 12:01:31 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Firefox\Profiles\010z1iyl.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010-07-02 14:27:16 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Firefox\Profiles\010z1iyl.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010-12-13 10:25:27 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Firefox\Profiles\010z1iyl.default\extensions\firebug@software.joehewitt.com [2010-12-23 01:49:20 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mozilla\Firefox\Profiles\010z1iyl.default\extensions\toolbar@alexa.com O1 HOSTS File: ([2010-12-06 11:49:33 | 000,000,818 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 bumspec.localhost O1 - Hosts: 127.0.0.1 auto-bum.localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\ProgramFiles2\AcrobatReader7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\ProgramFiles2\msoffice2007pl\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O4 - HKLM..\Run: [egui] G:\ProgramFiles2\nod32\egui.exe (ESET) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.) O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.) O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-73586283-117609710-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.) O4 - Startup: C:\Documents and Settings\DKD'nt\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-73586283-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: + Offline &Explorer: Download the link - G:\ProgramFiles2\Offline Explorer\Add_UrlO.htm () O8 - Extra context menu item: + Offline E&xplorer: Download the current page - G:\ProgramFiles2\Offline Explorer\Add_AllO.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - G:\ProgramFiles2\msoffice2007pl\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\ProgramFiles2\msoffice2007pl\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\ProgramFiles2\msoffice2007pl\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\ProgramFiles2\msoffice2007pl\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\ProgramFiles2\msoffice2007pl\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\ProgramFiles2\msoffice2007pl\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2010-01-07 14:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-05 13:26:34 | 000,058,320 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{236454f5-140d-11df-9e48-00044b808003}\Shell\AutoRun\command - "" = J:\ws.exe -- File not found O33 - MountPoints2\{236454f5-140d-11df-9e48-00044b808003}\Shell\open\Command - "" = J:\ws.exe -- File not found O33 - MountPoints2\{c379b84f-fba3-11de-9e10-00265412e7de}\Shell\AutoRun\command - "" = J:\wfx062.exe -- File not found O33 - MountPoints2\{c379b84f-fba3-11de-9e10-00265412e7de}\Shell\open\Command - "" = J:\wfx062.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-04 17:25:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DKD'nt\Pulpit\OTL.exe [2011-01-04 09:30:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DKD'nt\Recent [2011-01-03 22:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2010-12-31 13:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-12-30 12:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Google [2010-12-30 12:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DKD'nt\Ustawienia lokalne\Dane aplikacji\Temp [2010-12-30 12:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-12-30 12:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010-12-30 12:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DKD'nt\Ustawienia lokalne\Dane aplikacji\Google [2010-12-29 14:46:56 | 000,234,640 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys [2010-12-29 14:45:42 | 000,673,920 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys [2010-12-29 14:45:42 | 000,030,864 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys [2010-12-29 14:45:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt [2010-12-29 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum [2010-12-29 13:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum [2010-12-21 18:42:01 | 000,000,000 | ---D | C] -- C:\download [2010-12-21 18:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Offline Explorer [2010-12-21 18:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DKD'nt\Menu Start\Programy\MetaProducts Offline Explorer [2010-12-21 17:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinPcap [2010-12-21 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [1998-10-14 16:03:00 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-04 17:40:03 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe [2011-01-04 17:31:16 | 000,004,722 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2011-01-04 17:25:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DKD'nt\Pulpit\OTL.exe [2011-01-04 12:01:24 | 000,000,909 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2011-01-04 09:33:48 | 000,015,641 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat [2011-01-04 09:32:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-04 09:32:34 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2011-01-03 23:36:41 | 000,013,225 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\dzierzawaStronyrtf.rtf [2011-01-03 23:24:51 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\Umowa_dzierzawy_powierzchni_pod_reklame.doc [2011-01-03 21:26:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-12-30 14:23:29 | 000,025,225 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\erka.pdf [2010-12-29 22:38:26 | 000,108,819 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\styczeń.rtf [2010-12-29 15:57:10 | 000,005,873 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuffBW.png [2010-12-29 15:55:23 | 000,007,356 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuff.png [2010-12-29 15:54:55 | 000,019,046 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuff.jpg [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010-12-23 15:21:46 | 000,006,500 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\galeria.jpg [2010-12-21 18:24:56 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\Offline Explorer.lnk [2010-12-21 17:10:00 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\-1 [2010-12-21 13:01:52 | 000,017,701 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\giełda.xlsx [2010-12-21 11:20:18 | 000,246,462 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\domeny.jpg [2010-12-21 10:15:58 | 000,133,055 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\domena.jpg [2010-12-20 01:16:38 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\Domeny.rtf [2010-12-17 13:27:08 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-12-16 19:51:40 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\stream.pls [2010-12-16 16:20:26 | 000,012,573 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\wMARHAT.xlsx [2010-12-15 21:31:42 | 000,003,884 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\infoGiełda.rtf [2010-12-14 18:58:14 | 000,363,641 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\bledy_popelniane_w_ebiznesie.pdf [2010-12-13 00:44:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-12-11 11:42:24 | 001,885,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-12-08 17:23:58 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\całość, 50 stron.docx.lnk [2010-12-06 11:49:33 | 000,000,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-12-05 21:26:19 | 000,015,219 | ---- | M] () -- C:\Documents and Settings\DKD'nt\Pulpit\uwagiAllstuff3.rtf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-04 17:40:03 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe [2011-01-03 23:36:41 | 000,013,225 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\dzierzawaStronyrtf.rtf [2011-01-03 23:24:49 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\Umowa_dzierzawy_powierzchni_pod_reklame.doc [2010-12-30 14:23:29 | 000,025,225 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\erka.pdf [2010-12-29 22:38:26 | 000,108,819 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\styczeń.rtf [2010-12-29 15:57:10 | 000,005,873 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuffBW.png [2010-12-29 15:55:23 | 000,007,356 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuff.png [2010-12-29 15:54:55 | 000,019,046 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\logoAllstuff.jpg [2010-12-29 14:45:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif [2010-12-23 15:21:46 | 000,006,500 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\galeria.jpg [2010-12-21 18:24:56 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\Offline Explorer.lnk [2010-12-21 17:10:00 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\-1 [2010-12-21 11:20:17 | 000,246,462 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\domeny.jpg [2010-12-21 10:15:58 | 000,133,055 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\domena.jpg [2010-12-20 01:16:38 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\Domeny.rtf [2010-12-17 13:27:08 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-12-16 19:52:10 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\stream.pls [2010-12-15 21:31:42 | 000,003,884 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\infoGiełda.rtf [2010-12-14 18:58:13 | 000,363,641 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\bledy_popelniane_w_ebiznesie.pdf [2010-12-13 13:15:55 | 000,017,701 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\giełda.xlsx [2010-12-08 17:23:58 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Pulpit\całość, 50 stron.docx.lnk [2010-03-31 16:00:23 | 000,001,092 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2010-03-31 13:42:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010-02-08 22:18:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2010-02-08 22:18:40 | 000,000,117 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2010-02-05 07:08:32 | 000,000,909 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2010-01-23 15:16:20 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600g.ini [2010-01-23 15:15:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600m.ini [2010-01-19 20:39:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010-01-17 16:05:59 | 000,011,430 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Dane aplikacji\ex_log.txt [2010-01-12 13:47:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-12 13:47:24 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-08 14:35:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010-01-08 13:53:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DKD'nt\Dane aplikacji\$_hpcst$.hpc [2010-01-08 13:23:21 | 000,004,722 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-01-07 21:07:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010-01-07 14:35:20 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-10-20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [1999-05-07 10:12:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010-12-29 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum [2010-03-06 14:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-11-01 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk [2010-01-08 16:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-12-31 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-01-08 14:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2010-04-01 09:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-01-08 00:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2010-01-07 21:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2010-06-29 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\FileZilla [2010-09-01 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Imagenomic [2010-03-31 16:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Leadertech [2010-01-20 13:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Mobipocket [2010-08-31 19:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\NeatImage PS [2010-08-31 14:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\NeatImage SL [2010-10-17 20:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Notepad++ [2010-12-28 22:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Offline Explorer [2010-01-08 16:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Opera [2010-06-06 14:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\Subversion [2010-04-01 08:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DKD'nt\Dane aplikacji\URSoft [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job [2010-12-27 23:01:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 < End of report >