OTL logfile created on: 2010-01-29 00:04:41 - Run 3 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 575,00 Mb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 35,49 Gb Total Space | 25,41 Gb Free Space | 71,61% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 11,25 Gb Free Space | 28,81% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 10,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOM-CF1F683417C Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-01-27 06:38:08 | 00,548,864 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-01-06 20:00:30 | 00,908,248 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-12-21 14:23:49 | 00,813,056 | ---- | M] () – D:\Metin2_PL\metin2client.bin PRC - [2009-10-21 14:10:23 | 03,166,186 | ---- | M] () – D:\Metin2_PL\metin2.bin PRC - [2008-04-14 18:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 18:21:16 | 03,197,440 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe PRC - [2008-03-20 11:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-06-27 02:49:20 | 00,483,328 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-02-05 13:20:14 | 00,180,224 | ---- | M] () – C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe PRC - [2005-11-11 14:07:00 | 00,090,112 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\SOUNDMAN.EXE PRC - [2005-09-24 06:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2002-09-29 13:41:10 | 00,090,112 | ---- | M] (Y’z@Home) – C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe ========== Modules (SafeList) ========== MOD - [2010-01-27 06:38:08 | 00,548,864 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie\OTL.exe MOD - [2008-04-14 18:20:35 | 00,586,240 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\mlang.dll MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\ggwhook.dll MOD - [2005-08-14 00:26:14 | 00,065,536 | ---- | M] () – C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll MOD - [2002-09-29 13:41:08 | 00,057,344 | ---- | M] () – C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.dll ========== Win32 Services (SafeList) ========== SRV - [2007-06-29 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] – C:\WINDOWS\system32\ati2sgag.exe – (ATI Smart) SRV - [2007-06-27 02:49:20 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] – C:\WINDOWS\system32\ati2evxx.exe – (Ati HotKey Poller) SRV - [2005-08-02 22:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] – C:\Program Files\WinPcap\rpcapd.exe – (rpcapd) Remote Packet Capture Protocol v.0 (experimental) ========== Driver Services (SafeList) ========== DRV - [2009-07-17 17:19:23 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd) DRV - [2009-03-17 15:18:38 | 00,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard) DRV - [2008-11-04 03:52:38 | 00,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018mdm.sys – (s1018mdm) DRV - [2008-11-04 03:52:38 | 00,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018mgmt.sys – (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV - [2008-11-04 03:52:38 | 00,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018bus.sys – (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV - [2008-11-04 03:52:38 | 00,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018nd5.sys – (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV - [2008-11-04 03:52:38 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018mdfl.sys – (s1018mdfl) DRV - [2008-11-04 03:52:36 | 00,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018unic.sys – (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV - [2008-11-04 03:52:36 | 00,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s1018obex.sys – (s1018obex) DRV - [2008-04-13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm) DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv) DRV - [2007-06-27 02:58:16 | 02,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag) DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20) DRV - [2005-11-22 14:44:00 | 03,804,416 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ALCXWDM.SYS – (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005-08-02 22:10:13 | 00,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\npf.sys – (NPF) DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink) DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2004-05-18 14:55:26 | 00,074,112 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\viamraid.sys – (viamraid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - prefs.js…browser.search.useDBForOrder: true FF - prefs.js…extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js…extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8 FF - prefs.js…extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:0.9 FF - prefs.js…extensions.enabledItems: redshift_V2@shift-themes.com:3.0 FF - prefs.js…keyword.URL: “http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=” FF - prefs.js…network.proxy.backup.ftp: “91.121.91.61 3128” FF - prefs.js…network.proxy.backup.ftp_port: 3128 FF - prefs.js…network.proxy.backup.gopher: “91.121.91.61 3128” FF - prefs.js…network.proxy.backup.gopher_port: 3128 FF - prefs.js…network.proxy.backup.socks: “91.121.91.61 3128” FF - prefs.js…network.proxy.backup.socks_port: 3128 FF - prefs.js…network.proxy.backup.ssl: “91.121.91.61 3128” FF - prefs.js…network.proxy.backup.ssl_port: 3128 FF - prefs.js…network.proxy.ftp: “91.121.91.61 3128” FF - prefs.js…network.proxy.ftp_port: 3128 FF - prefs.js…network.proxy.gopher: “91.121.91.61 3128” FF - prefs.js…network.proxy.gopher_port: 3128 FF - prefs.js…network.proxy.http: “91.121.91.61 3128” FF - prefs.js…network.proxy.http_port: 3128 FF - prefs.js…network.proxy.share_proxy_settings: true FF - prefs.js…network.proxy.socks: “91.121.91.61 3128” FF - prefs.js…network.proxy.socks_port: 3128 FF - prefs.js…network.proxy.ssl: “91.121.91.61 3128” FF - prefs.js…network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-01-18 19:12:08 | 00,000,000 | —D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-06 20:00:37 | 00,000,000 | —D | M] [2009-07-17 17:07:48 | 00,000,000 | —D | M] – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions [2010-01-28 12:42:16 | 00,000,000 | —D | M] – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions [2010-01-05 00:52:25 | 00,000,000 | —D | M] (FlashGot) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-12-28 17:41:32 | 00,000,000 | —D | M] (Bloody Red) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{2458abc0-f443-11dd-87af-0800200c9a66} [2009-11-22 23:43:10 | 00,000,000 | —D | M] (Fire.fm) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2009-09-20 19:17:19 | 00,000,000 | —D | M] (ImTranslator) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2009-09-29 21:04:47 | 00,000,000 | —D | M] (FireFTP) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009-07-23 20:22:13 | 00,000,000 | —D | M] (ReminderFox) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{ada4b710-8346-4b82-8199-5de2b400a6ae} [2010-01-09 13:54:05 | 00,000,000 | —D | M] (Adblock Plus) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-01-12 20:00:43 | 00,000,000 | —D | M] (DownThemAll!) – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009-12-28 17:45:05 | 00,000,000 | —D | M] – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\extensions\redshift_V2@shift-themes.com [2009-11-21 12:40:23 | 00,001,979 | ---- | M] () – C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\tzrjz20k.default\searchplugins\wrzuta.xml [2010-01-19 19:55:17 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions [2009-08-31 13:39:32 | 00,636,408 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll [2009-08-31 13:39:50 | 00,636,408 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPBILLARD9.dll [2009-08-31 13:40:00 | 00,620,040 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPBILLARDT.dll [2009-08-31 13:11:24 | 00,927,232 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll [2009-07-16 17:23:08 | 00,882,176 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPDARTS.dll [2009-07-08 11:19:22 | 00,120,296 | ---- | M] ( ) – C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2009-08-31 13:11:30 | 00,685,552 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll [2009-08-27 17:37:26 | 00,599,552 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPPOKER.dll [2009-08-27 17:36:42 | 00,591,352 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll [2009-08-31 13:40:12 | 00,636,408 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll [2009-08-31 13:11:06 | 00,669,176 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPWORDS.dll [2009-07-15 20:00:25 | 00,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-15 20:00:25 | 00,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-15 20:00:25 | 00,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-15 20:00:25 | 00,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-15 20:00:25 | 00,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-15 20:00:25 | 00,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 00,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O4 - HKLM…\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found O4 - HKLM…\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM…\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM…\Run: [systemProtect2] C:\Program Files\Nowe Media\Strażnik Ucznia\syslock.exe File not found O4 - HKCU…\Run: [RocketDock] C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe () O4 - HKCU…\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe () O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Y’z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe (Y’z@Home) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.) O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows … 3683056894 (WUWebControl Class) O16 - DPF: {83AFB5CA-11D4-ED35-A452-0080C8D85045} http://cached.gamedesire.com/g_bin/pl/p … 0_0_52.cab (GameDesire Poker Games) O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} http://cached.gamedesire.com/g_bin/pl/p … 0_0_50.cab (GameDesire Poker Games) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {FDDBE2B8-4AD8-6602-946D-94C5A32FA6C1} http://cached.gamedesire.com/g_bin/pl/b … 0_0_40.cab (GameDesire Pool 8) O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} http://cached.gamedesire.com/g_bin/pl/b … 0_0_36.cab (GameDesire Pool 8) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-07-17 14:38:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS] O32 - AutoRun File - [2009-08-05 18:26:50 | 00,000,000 | RHSD | M] - C:\autorun.inf – [NTFS] O32 - AutoRun File - [2009-08-05 18:26:50 | 00,000,000 | RHSD | M] - D:\autorun.inf – [NTFS] O32 - AutoRun File - [2008-06-03 19:46:20 | 00,114,688 | R— | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe – [CDFS] O32 - AutoRun File - [2008-05-27 15:40:14 | 00,000,045 | R— | M] () - G:\AUTORUN.INF – [CDFS] O33 - MountPoints2{198c119e-9ee7-11de-bc8e-00142ab10764}\Shell - “” = AutoRun O33 - MountPoints2{198c119e-9ee7-11de-bc8e-00142ab10764}\Shell\AutoRun\command - “” = G:\AutoRun.exe – [2008-06-03 19:46:20 | 00,114,688 | R— | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] – “%1” %* O35 - exefile [open] – “%1” %* ========== Files/Folders - Created Within 30 Days ========== [2010-01-28 23:57:43 | 00,000,000 | —D | C] – C:_OTL [2010-01-24 20:10:58 | 00,000,000 | -HSD | C] – C:\Documents and Settings\Właściciel\Recent [2010-01-22 16:05:16 | 00,000,000 | -HSD | C] – C:\Documents and Settings\Właściciel\UserData [2010-01-21 15:58:45 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-01-17 00:34:06 | 00,471,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\aclayers.dll [2010-01-07 19:27:45 | 00,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusb.dll [2010-01-07 19:27:44 | 00,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusd.dll [2009-12-26 20:59:38 | 00,148,736 | ---- | C] (Avanquest Software) – C:\Documents and Settings\All Users\Dane aplikacji\hpe18.dll [2009-12-25 10:14:08 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-12-25 10:12:46 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-12-25 10:12:46 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-12-25 10:12:46 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft ========== Files - Modified Within 30 Days ========== [2010-01-28 23:59:01 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT [2010-01-28 23:58:57 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat [2010-01-28 23:58:03 | 04,194,304 | -H-- | M] () – C:\Documents and Settings\Właściciel\NTUSER.DAT [2010-01-28 23:58:03 | 00,000,188 | -HS- | M] () – C:\Documents and Settings\Właściciel\ntuser.ini [2010-01-28 22:16:06 | 00,009,655 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\sss.JPG [2010-01-28 22:09:25 | 00,017,505 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\ss.JPG [2010-01-28 19:20:57 | 00,748,854 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\procesy…bmp [2010-01-28 12:29:34 | 00,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl [2010-01-25 23:12:16 | 04,840,658 | -H-- | M] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-01-24 20:22:45 | 00,000,703 | ---- | M] () – C:\WINDOWS\win.ini [2010-01-19 18:47:32 | 02,128,896 | ---- | M] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cooliris-win-ie-release-1.11.7.31969.en-US.msi [2010-01-17 20:05:41 | 00,015,360 | ---- | M] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-17 03:12:49 | 00,000,797 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\YouTube Downloader.lnk [2010-01-17 00:58:07 | 00,457,678 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat [2010-01-17 00:58:07 | 00,401,064 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat [2010-01-17 00:58:07 | 00,079,188 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat [2010-01-17 00:58:07 | 00,062,344 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat [2010-01-17 00:58:05 | 01,012,668 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI [2010-01-11 19:21:04 | 00,001,373 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\sss.m3u [2010-01-03 22:53:31 | 00,569,509 | ---- | M] () – C:\Documents and Settings\Właściciel\Pulpit\DSC00003.JPG [2010-01-03 22:53:31 | 00,010,052 | ---- | M] () – C:\Documents and Settings\Właściciel.recently-used.xbel [2009-12-30 22:26:48 | 02,130,944 | ---- | M] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cooliris-win-ie-release-1.11.6.31225.en-US.msi ========== Files Created - No Company Name ========== [2010-01-28 22:16:06 | 00,009,655 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\sss.JPG [2010-01-28 22:09:25 | 00,017,505 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\ss.JPG [2010-01-28 19:20:57 | 00,748,854 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\procesy…bmp [2010-01-17 03:12:48 | 00,000,797 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\YouTube Downloader.lnk [2010-01-11 19:21:04 | 00,001,373 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\sss.m3u [2010-01-11 00:33:27 | 02,128,896 | ---- | C] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cooliris-win-ie-release-1.11.7.31969.en-US.msi [2010-01-03 22:53:31 | 00,010,052 | ---- | C] () – C:\Documents and Settings\Właściciel.recently-used.xbel [2010-01-03 22:50:50 | 00,569,509 | ---- | C] () – C:\Documents and Settings\Właściciel\Pulpit\DSC00003.JPG [2009-12-26 01:06:45 | 00,000,000 | ---- | C] () – C:\Documents and Settings\Właściciel\Dane aplikacji\initdebug.nfo [2009-12-17 00:04:16 | 02,130,944 | ---- | C] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cooliris-win-ie-release-1.11.6.31225.en-US.msi [2009-11-07 00:32:54 | 00,017,339 | ---- | C] () – C:\Documents and Settings\Właściciel\Dane aplikacji\hs_err_pid1660.log [2009-10-25 23:22:39 | 00,000,097 | ---- | C] () – C:\WINDOWS\System32\PICSDK.ini [2009-10-25 23:19:34 | 00,000,026 | ---- | C] () – C:\WINDOWS\CDE DX4000.ini [2009-10-16 15:55:50 | 02,124,288 | ---- | C] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cooliris-win-ie-release-1.11.5.29501.en-US.msi [2009-07-31 02:36:45 | 00,000,151 | ---- | C] () – C:\WINDOWS\PhotoSnapViewer.INI [2009-07-23 15:08:27 | 00,015,360 | ---- | C] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-07-18 11:00:49 | 00,000,135 | ---- | C] () – C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-07-17 21:15:01 | 00,000,116 | ---- | C] () – C:\WINDOWS\NeroDigital.ini [2009-07-17 17:47:14 | 00,000,349 | ---- | C] () – C:\WINDOWS\wincmd.ini [2009-07-17 17:19:23 | 00,717,296 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys [2009-07-17 16:33:21 | 00,579,090 | ---- | C] () – C:\WINDOWS\System32\x264vfw.dll [2009-07-17 16:33:20 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll [2009-07-17 16:33:20 | 00,856,064 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll [2009-07-17 16:33:20 | 00,217,088 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll [2009-07-17 16:33:19 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-07-17 16:33:18 | 00,005,120 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll [2009-07-17 16:14:04 | 00,157,184 | R— | C] () – C:\WINDOWS\System32\RTLCPAPI.dll [2009-07-17 14:41:21 | 00,000,996 | ---- | C] () – C:\WINDOWS\System32\OEMINFO.INI [2009-06-19 19:06:22 | 00,197,912 | ---- | C] () – C:\WINDOWS\System32\physxcudart_20.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSwedish.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSpanish.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelPortugese.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelKorean.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelJapanese.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelGerman.dll [2009-06-19 19:06:22 | 00,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelFrench.dll [2005-08-02 22:24:01 | 00,053,299 | ---- | C] () – C:\WINDOWS\System32\pthreadVC.dll [1996-04-03 20:33:26 | 00,005,248 | ---- | C] () – C:\WINDOWS\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 < End of report >