OTL logfile created on: 3/4/2013 8:08:46 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop\sprawdznie combo\32 bity\OTL Windows XP Windows XP Embedded Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 765.97 Mb Total Physical Memory | 167.14 Mb Available Physical Memory | 21.82% Memory free 1.83 Gb Paging File | 1.23 Gb Available in Paging File | 67.21% Paging File free Paging file location(s): D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 8.01 Gb Total Space | 6.29 Gb Free Space | 78.63% Space Free | Partition Type: NTFS Drive D: | 21.81 Gb Total Space | 20.25 Gb Free Space | 92.84% Space Free | Partition Type: NTFS Computer Name: OEM-NIEPNN8FGEP | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/03/03 00:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\sprawdznie combo\32 bity\OTL\OTL.exe PRC - [2011/12/06 14:42:24 | 001,757,184 | ---- | M] (UltraVNC) -- C:\Program Files\MagicInfo-i Premium\Client\UltraVNC\winvnc.exe PRC - [2011/12/06 14:07:14 | 000,274,432 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpAgent.exe PRC - [2011/12/06 14:06:42 | 000,212,992 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe PRC - [2011/12/06 14:02:38 | 000,184,320 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpFileTransfer.exe PRC - [2011/11/28 13:13:08 | 000,049,152 | ---- | M] (TODO: ) -- C:\Program Files\RemoteDisplayControl\RunRDC.exe PRC - [2011/11/28 13:09:56 | 000,626,688 | ---- | M] (Samsung Electronics) -- C:\Program Files\RemoteDisplayControl\RemoteDisplayControl.exe PRC - [2008/08/08 02:35:38 | 001,043,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/12/06 14:07:14 | 000,274,432 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpAgent.exe MOD - [2011/12/06 14:06:42 | 000,212,992 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe MOD - [2011/12/06 14:05:10 | 002,895,872 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpGUI.dll MOD - [2011/12/06 14:04:50 | 000,270,336 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpAgentDownload.dll MOD - [2011/12/06 14:04:34 | 000,057,344 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpMessageService.dll MOD - [2011/12/06 14:04:26 | 000,270,336 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpSchedule.dll MOD - [2011/12/06 14:04:12 | 000,131,072 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpJobSchedule.dll MOD - [2011/12/06 14:03:04 | 000,126,976 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_Basic.dll MOD - [2011/12/06 14:02:58 | 000,033,280 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_EXN.dll MOD - [2011/12/06 14:02:54 | 000,081,920 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_DefaultModel.dll MOD - [2011/12/06 14:02:50 | 000,090,112 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpRemoteAgent.dll MOD - [2011/12/06 14:02:48 | 000,022,016 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_VM.dll MOD - [2011/12/06 14:02:44 | 000,019,968 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_CMXN.dll MOD - [2011/12/06 14:02:38 | 000,184,320 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpFileTransfer.exe MOD - [2011/12/06 14:02:38 | 000,009,728 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\modelmos\Monitor_VWL.dll MOD - [2011/12/06 14:02:30 | 000,196,608 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpRemoteService.dll MOD - [2011/12/06 14:02:16 | 000,069,632 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\SysInfoSecu.dll MOD - [2011/12/06 14:02:08 | 000,184,320 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpChkLicense.dll MOD - [2011/12/06 14:02:08 | 000,061,440 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpDBData.dll MOD - [2011/12/06 14:01:58 | 000,045,568 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpMDC.dll MOD - [2011/12/06 14:01:54 | 000,167,936 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpTcpIp.dll MOD - [2011/12/06 14:01:52 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\MpUtil.dll MOD - [2011/12/06 14:01:46 | 000,364,544 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\McDB.dll MOD - [2011/12/06 14:01:38 | 000,090,112 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\McLcMgr.Dll MOD - [2011/12/06 14:01:34 | 000,512,000 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\McUtil.Dll MOD - [2011/12/06 14:01:26 | 000,015,360 | ---- | M] () -- C:\Program Files\MagicInfo-i Premium\Client\ChkSyncMaster.dll MOD - [2010/06/22 22:07:40 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/04/06 05:22:07 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll MOD - [2010/04/06 05:21:41 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll MOD - [2010/04/06 05:20:50 | 000,027,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll MOD - [2010/04/05 17:10:35 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll MOD - [2010/04/05 17:10:31 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll MOD - [2010/04/05 17:10:23 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll MOD - [2010/04/05 17:09:28 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll MOD - [2010/04/05 17:09:21 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll MOD - [2010/04/05 17:07:41 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\tssdis.exe -- (Tssdis) SRV - [2009/10/22 02:49:18 | 000,136,544 | -H-- | M] () [Disabled | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2008/04/13 20:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SRV - [2008/04/13 20:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2008/04/13 20:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2008/04/13 20:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2004/08/31 02:04:02 | 000,123,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\DUAgent.exe -- (DUAgent) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2010/06/22 23:00:06 | 005,068,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2010/01/08 10:23:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2009/12/18 07:59:16 | 000,075,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fbwf.sys -- (FBWF) DRV - [2008/07/14 03:29:00 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008/07/14 03:29:00 | 000,023,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\regflt.sys -- (RegFilter) DRV - [2008/06/19 19:16:44 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/04/17 07:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008/04/14 17:12:38 | 003,688,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService) DRV - [2008/04/13 15:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/13 15:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 15:21:32 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmLane) DRV - [2008/04/13 15:21:32 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmElan) DRV - [2008/04/13 15:16:32 | 000,036,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTHPRINT.SYS -- (BTHprint) DRV - [2008/04/13 15:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 15:11:24 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ramdisk.sys -- (Ramdisk) DRV - [2008/04/13 15:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006/10/26 05:08:52 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ewf.sys -- (EWF) DRV - [2004/10/14 23:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eyeonedp.sys -- (eyeonedp) DRV - [2004/08/31 02:03:54 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eltorito.sys -- (eltorito) DRV - [2001/08/17 12:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdspx.sys -- (TDSPX) DRV - [2001/08/17 12:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdipx.sys -- (TDIPX) DRV - [2001/08/17 12:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdasync.sys -- (TDASYNC) DRV - [2001/08/17 03:57:26 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga) DRV - [2001/08/17 03:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001/08/17 03:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001/08/17 03:52:34 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiprnt.sys -- (scsiprnt) DRV - [2001/08/17 03:48:50 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSRIFFWV.sys -- (MSRIFFWV) DRV - [2001/08/17 03:48:36 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSFSIO.sys -- (MSFSIO) DRV - [2001/08/17 03:47:02 | 000,352,256 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atmuni.sys -- (Atmuni) DRV - [2001/08/17 03:46:52 | 000,034,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rawwan.sys -- (Rawwan) DRV - [2001/08/17 03:46:46 | 000,031,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmepvc.sys -- (ATMEPVCP) DRV - [2001/08/17 03:46:46 | 000,031,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmepvc.sys -- (ATMEPVCM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsung.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsung.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsung.com IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.samsung.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsung.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.samsung.com IE - HKU\S-1-5-21-884467374-2951601646-1655779636-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.samsung.com IE - HKU\S-1-5-21-884467374-2951601646-1655779636-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-884467374-2951601646-1655779636-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-884467374-2951601646-1655779636-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) O1 HOSTS File: ([2013/03/01 08:48:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [RDC] C:\Program Files\RemoteDisplayControl\RunRDC.exe (TODO: ) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch MagicInfo-i Client.lnk = C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch UltraVNC.lnk = C:\Program Files\MagicInfo-i Premium\Client\UltraVNC\winvnc.exe (UltraVNC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-884467374-2951601646-1655779636-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-884467374-2951601646-1655779636-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-884467374-2951601646-1655779636-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-884467374-2951601646-1655779636-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-884467374-2951601646-1655779636-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.10.36 172.17.4.36 172.17.4.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}: DhcpNameServer = 172.17.10.36 172.17.4.36 172.17.4.30 O18 - Protocol\Handler\vnd.ms.radio - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows Embedded.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows Embedded.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/03/04 08:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\sprawdznie combo [2013/03/04 08:00:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2013/03/01 08:52:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/03/01 08:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2013/03/01 08:46:22 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/03/01 08:45:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/03/01 08:45:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/03/01 08:45:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/03/01 08:45:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/03/01 08:45:29 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/03/01 08:45:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/01 08:45:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2013/03/01 08:45:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos [2013/03/01 08:45:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools [2013/03/01 08:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2010/04/05 11:49:51 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DUAgent.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/03/01 11:23:59 | 000,000,550 | ---- | M] () -- C:\WINDOWS\System32\mipp.tlf [2013/03/01 11:06:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/03/01 09:56:05 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Administrator\keymap.ini [2013/03/01 08:48:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/03/01 08:46:23 | 000,000,345 | RHS- | M] () -- C:\boot.ini [2013/03/01 08:41:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/03/01 10:29:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/03/01 10:05:01 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\mipp.tlf [2013/03/01 08:46:23 | 000,000,228 | ---- | C] () -- C:\Boot.bak [2013/03/01 08:46:22 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013/03/01 08:45:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/03/01 08:45:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/03/01 08:45:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/03/01 08:45:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/03/01 08:45:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/12/12 08:55:44 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Administrator\keymap.ini [2010/04/05 17:08:45 | 000,057,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2010/04/05 17:07:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/07/14 03:29:44 | 001,497,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/08 18:56:36 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] < End of report >