
noli_tangere wrote: I'm a complete beginner in this area...
OTL logfile created on: 1/27/2012 6:08:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\peter\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.84% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 19.45 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
Drive D: | 26.21 Gb Total Space | 7.70 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
Computer Name: DDQZYKB1 | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/27 17:58:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
PRC - [2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
PRC - [2012/01/27 17:42:23 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\peter\Local Settings\Temp\clclean.0001
PRC - [2012/01/03 21:40:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/11/28 11:48:54 | 005,837,800 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/09 04:07:22 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/21 11:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2006/05/25 00:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 15:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 15:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 15:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/03/25 05:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 14:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
PRC - [2006/02/16 15:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2006/01/02 23:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 16:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2003/09/10 08:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
MOD - [2012/01/27 17:42:23 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\peter\Local Settings\Temp\clclean.0001.dir.0004\~df394b.tmp
MOD - [2012/01/03 21:40:25 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/23 19:00:10 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/27 15:34:31 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/11/27 15:34:31 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/11/27 15:34:31 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2009/11/27 15:34:31 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/11/27 15:34:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/11/27 15:34:31 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/11/27 15:34:31 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/11/27 15:34:30 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/11/17 13:34:12 | 000,151,552 | ---- | M] () -- C:\Program Files\Tlen.pl\libgadu.dll
MOD - [2008/11/13 10:33:40 | 000,033,792 | ---- | M] () -- C:\Program Files\Tlen.pl\languages\polish.dll
MOD - [2008/08/05 12:46:38 | 000,061,464 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenSMS.tpl
MOD - [2008/07/22 08:49:48 | 000,075,800 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\FileTM.tpl
MOD - [2008/07/22 08:49:40 | 000,106,520 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\File.tpl
MOD - [2008/07/22 08:49:36 | 000,093,208 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Voice.tpl
MOD - [2008/07/22 08:49:30 | 000,195,096 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Video.tpl
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/19 13:20:08 | 000,017,408 | ---- | M] () -- C:\Program Files\Tlen.pl\hook.dll
MOD - [2008/06/19 13:15:54 | 000,030,720 | ---- | M] () -- C:\Program Files\Tlen.pl\libutil2.dll
MOD - [2008/06/19 13:15:46 | 000,139,264 | ---- | M] () -- C:\Program Files\Tlen.pl\libexpat2.dll
MOD - [2008/04/14 01:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/01/15 15:57:06 | 000,349,720 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Tlenofon.tpl
MOD - [2007/10/05 14:00:58 | 000,181,248 | ---- | M] () -- C:\Program Files\Tlen.pl\libutil.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/17 10:36:00 | 000,048,176 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenDostep.tpl
MOD - [2007/09/17 10:36:00 | 000,031,768 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenNewsy.tpl
MOD - [2006/06/29 12:12:00 | 001,355,042 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2006/05/25 00:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/05/01 15:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 15:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 15:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/03/10 17:49:30 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/18 10:33:58 | 000,054,784 | ---- | M] () -- C:\Program Files\Tlen.pl\libs\libexpat.dll
MOD - [2003/09/10 08:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2003/03/20 22:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax
MOD - [2003/01/30 05:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\Tlen.pl\stlpmt45.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/14 01:12:36 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\nsysaudm.dll -- (pcidrv)
SRV - [2006/09/09 04:07:22 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
========== Driver Services (SafeList) ==========
DRV - [2009/09/11 07:26:24 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/09/11 07:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/09 06:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/25 00:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/25 00:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/25 00:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/25 00:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/25 00:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/25 00:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 23:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 23:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 20:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/01 15:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 05:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/25 05:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/04 13:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 21:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 21:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 21:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 22:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 09:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 09:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 09:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 15:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 16:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 16:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 15:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/02/13 22:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = w3cache.duna.pl:8080
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: gacela2@nurago.com:10.1.502
FF - prefs.js..network.proxy.http: "211.142.211.40"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 21:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 07:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/11/21 21:58:23 | 000,000,000 | ---D | M]
[2008/08/26 21:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peter\Application Data\Mozilla\Extensions
[2012/01/27 08:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions
[2012/01/10 19:33:43 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/01/13 21:55:48 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2008/06/13 22:31:59 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\askcom.xml
[2010/04/11 13:08:30 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn---sownik-jzyka-polskiego.xml
[2012/01/25 21:27:03 | 000,001,274 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn-sjp.xml
[2012/01/25 21:27:03 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn-so.xml
[2011/11/10 23:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 21:40:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/06 22:16:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:03:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Green Christmas Tree] C:\Documents and Settings\peter\Desktop\Choinka.exe File not found
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Tlen.pl] C:\Program Files\Tlen7\tlen7.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O15 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..Trusted Domains: itvp.pl ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..Trusted Domains: mks.com.pl ([]http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} http://arcaonline.arcabit.com/ArcaOnline.cab (MainControl Class)
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4964/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513FCABB-8CE8-44FB-87A9-1DE42473C18E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 10:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0088ca7a-1066-11dd-81bf-0015c5a717aa}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{0088ca7a-1066-11dd-81bf-0015c5a717aa}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell - "" = AutoRun
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell - "" = AutoRun
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell - "" = AutoRun
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/01/27 17:58:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
[2012/01/27 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/27 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Application Data\TestApp
[2012/01/27 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/27 11:42:01 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\peter\Desktop\antizeroaccess.exe
[2012/01/27 01:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/27 01:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Local Settings\Application Data\ESET
[2012/01/27 01:05:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peter\Local Settings\Application Data\17863da1
[2012/01/20 14:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Desktop\dom Slawka nowe
[2010/03/19 20:14:31 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/01/27 18:04:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0D6CADA3-4D61-4B0A-8C89-6FBA3763C078}.job
[2012/01/27 17:59:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/27 17:58:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
[2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
[2012/01/27 17:43:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 17:42:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 17:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/27 17:42:10 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 17:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 17:39:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\peter\defogger_reenable
[2012/01/27 17:38:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Defogger.exe
[2012/01/27 16:18:11 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2012/01/27 12:09:35 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/01/27 11:45:59 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/01/27 11:42:03 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\peter\Desktop\antizeroaccess.exe
[2012/01/27 10:44:51 | 000,000,204 | -HS- | M] () -- C:\WINDOWS\8495829drv.spi
[2012/01/26 01:14:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/22 00:34:21 | 002,317,822 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Coma - Los cebula i krokodyle zy High quality.mp3
[2012/01/21 00:35:11 | 004,976,779 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Bakke, Posthumanizm.pdf
[2012/01/21 00:29:10 | 000,778,441 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Nagel, Nauka i zdrowy rozsadek.pdf
[2012/01/21 00:27:25 | 000,458,926 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Camus, Czlowiek zbuntowany.pdf
[2012/01/13 00:37:12 | 003,906,740 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Gotye- Somebody That I Used To Know feat Kimbra.mp3
[2012/01/10 20:29:18 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 20:29:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 19:52:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/03 03:09:25 | 004,709,222 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Massive Attack - Paradise Circus.mp3
[2012/01/02 19:10:10 | 002,856,912 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\2012_01_01_obwieszczenia.pdf
[2012/01/01 19:45:50 | 095,019,042 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\2.avi
[2012/01/01 19:00:40 | 081,046,116 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Jasnowidz wie, co nas czeka w 2012 roku.avi
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/01/27 17:51:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
[2012/01/27 17:39:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\peter\defogger_reenable
[2012/01/27 17:38:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Defogger.exe
[2012/01/27 11:36:48 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 10:44:51 | 000,000,204 | -HS- | C] () -- C:\WINDOWS\8495829drv.spi
[2012/01/27 01:07:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/22 00:34:21 | 002,317,822 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Coma - Los cebula i krokodyle zy High quality.mp3
[2012/01/21 00:29:54 | 004,976,779 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Bakke, Posthumanizm.pdf
[2012/01/21 00:28:13 | 000,778,441 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Nagel, Nauka i zdrowy rozsadek.pdf
[2012/01/21 00:27:24 | 000,458,926 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Camus, Czlowiek zbuntowany.pdf
[2012/01/11 07:48:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 23:46:31 | 003,906,740 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Gotye- Somebody That I Used To Know feat Kimbra.mp3
[2012/01/03 03:01:36 | 004,709,222 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Massive Attack - Paradise Circus.mp3
[2012/01/02 19:10:10 | 002,856,912 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\2012_01_01_obwieszczenia.pdf
[2012/01/01 19:42:21 | 095,019,042 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\2.avi
[2012/01/01 18:57:48 | 081,046,116 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Jasnowidz wie, co nas czeka w 2012 roku.avi
[2010/04/21 14:21:12 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/04/21 14:04:35 | 000,179,572 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2010/04/21 14:04:35 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/03/30 19:05:37 | 000,179,195 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2010/03/30 19:05:36 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2010/03/30 06:44:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/19 20:05:48 | 000,692,744 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\unins000.exe
[2010/02/19 20:05:48 | 000,003,137 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\unins000.dat
[2008/09/07 22:09:43 | 000,001,093 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/03/06 17:49:08 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2008/03/06 17:49:08 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2006/12/15 22:37:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2006/11/25 16:54:29 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2006/11/20 15:24:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/10 17:16:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/10/17 14:18:40 | 000,002,245 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2006/10/09 20:05:36 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/10/09 20:05:36 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/10/09 20:05:35 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/09 20:05:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/09 20:05:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/10/09 20:03:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/08 22:51:54 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/08 22:34:47 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\peter\Application Data\wklnhst.dat
[2006/10/08 14:42:58 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/08 14:42:58 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8F46E25465.sys
[2006/09/27 01:29:03 | 000,004,183 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/26 01:48:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/23 16:29:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\fusioncache.dat
[2006/09/09 04:37:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/09 04:29:40 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/09 04:19:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/09 04:17:52 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/09 04:15:04 | 000,000,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/09 04:13:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/09 04:07:48 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/09/09 04:07:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/09/09 04:07:06 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/09/09 04:05:18 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/09 03:32:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2006/09/09 03:32:20 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/09/09 03:32:00 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/09 03:31:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/09 03:31:40 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/09 03:31:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/25 10:40:44 | 000,715,048 | ---- | C] () -- C:\WINDOWS\System32\SkanerOnline.dll
[2006/06/29 15:14:08 | 000,069,952 | ---- | C] () -- C:\WINDOWS\System32\SkanerOnlineUninstall.exe
[2006/05/25 00:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 10:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 10:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 10:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 10:27:59 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 10:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 10:18:33 | 000,401,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 10:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 10:18:33 | 000,062,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 10:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 10:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 10:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 10:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 10:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 10:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 10:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 10:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 20:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 23:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/04 14:01:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ArcaOnlineUninstall.exe
[2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/05/14 16:54:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/11/14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[color=#E56717]========== LOP Check ==========[/color]
[2005/08/17 02:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/11/21 21:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/27 19:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2009/04/21 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/24 20:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla
[2010/04/22 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2008/12/22 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/12 09:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Picture cooler 2010
[2012/01/27 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/19 22:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tlen.pl
[2006/09/09 04:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/21 22:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\ESET
[2007/06/27 14:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Gadu-Gadu
[2010/01/27 19:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Gadu-Gadu 10
[2009/03/17 22:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\HouseCall 6.6
[2009/10/24 20:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\ipla
[2010/03/14 16:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\iPlus
[2011/09/04 19:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Jpeg Resampler
[2006/10/08 22:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Leadertech
[2006/09/26 02:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\MSNInstaller
[2009/01/03 10:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Nokia
[2009/02/10 15:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Nowe Gadu-Gadu
[2010/04/22 21:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\OpenFM
[2008/12/22 16:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\PC Suite
[2006/10/08 22:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Template
[2012/01/27 13:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\TestApp
[2012/01/27 11:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Tlen.pl
[2010/02/25 00:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Uniblue
[2009/01/31 00:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\uTorrent
[2012/01/27 18:04:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0D6CADA3-4D61-4B0A-8C89-6FBA3763C078}.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL Extras logfile created on: 1/27/2012 6:08:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\peter\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.84% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 19.45 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
Drive D: | 26.21 Gb Total Space | 7.70 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
Computer Name: DDQZYKB1 | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glówny -- (Gadu-Gadu S.A.)
"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- (o2.pl Sp. z o.o.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast -- (www.sopcast.com)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AAE6633-8D9C-414A-B5EC-F65F45579A25}" = ESET Smart Security
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7CDE2F4E-F47C-45D3-97BE-E309F09F939C}" = Microsoft Kalkulator Plus
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Audio Pack" = Creative Audio Pack
"DC++" = DC++ 0.698
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.20 Full
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"ProInst" = Intel(R) PROSet/Wireless Software
"Quake III Arena" = Quake III Arena
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SkanerOnline" = Skaner on-line mks_vir
"Skype_is1" = Skype 3.0
"SopCast" = SopCast 3.0.1
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tlen.pl" = Tlen.pl
"Totalcmd" = Total Commander (Remove or Repair)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 1/7/2012 11:22:22 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/7/2012 11:22:22 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/8/2012 11:00:30 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/8/2012 11:00:30 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/9/2012 1:17:47 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/9/2012 1:17:48 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/10/2012 1:13:15 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/10/2012 1:13:15 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description =
Error - 1/27/2012 10:44:39 AM | Computer Name = DDQZYKB1 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 1/27/2012 10:44:39 AM | Computer Name = DDQZYKB1 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 1/27/2012 10:42:50 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The Net Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/27/2012 10:42:59 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).
Error - 1/27/2012 10:43:05 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).
Error - 1/27/2012 10:43:24 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 1/27/2012 10:43:33 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.
Error - 1/27/2012 12:43:40 PM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7038
Description = The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%5 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).
Error - 1/27/2012 12:43:40 PM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1069
Error - 1/27/2012 12:53:05 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/27/2012 12:54:16 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/27/2012 12:58:49 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
< End of report >
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-27 20:05:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2120BH rev.0085002A
Running: f5csxqer.exe; Driver: C:\DOCUME~1\peter\LOCALS~1\Temp\fflyapoc.sys
---- System - GMER 1.0.15 ----
SSDT 8920AC90 ZwAssignProcessToJobObject
SSDT 8920B200 ZwDebugActiveProcess
SSDT 8920B2F0 ZwDuplicateObject
SSDT 8920A590 ZwOpenProcess
SSDT 8920A800 ZwOpenThread
SSDT 8920AFD0 ZwProtectVirtualMemory
SSDT 8920B0E0 ZwQueueApcThread
SSDT 8920AEC0 ZwSetContextThread
SSDT 8920AD90 ZwSetInformationThread
SSDT 89207DA0 ZwSetSecurityObject
SSDT 8920AB90 ZwSuspendProcess
SSDT 8920AA80 ZwSuspendThread
SSDT 8920A6E0 ZwTerminateProcess
SSDT 8920AA50 ZwTerminateThread
SSDT 8920B6D0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB0349280]
.text ipsec.sys B000F000 216 Bytes [B0, FF, B5, 04, FF, FF, FF, ...]
.text ipsec.sys B000F0DA 7 Bytes [5C, 00, 52, 00, 65, 00, 67]
.text ipsec.sys B000F0E2 77 Bytes [69, 00, 73, 00, 74, 00, 72, ...]
.text ipsec.sys B000F131 10 Bytes [00, 65, 00, 72, 00, 76, 00, ...]
.text ipsec.sys B000F13C 1 Byte [65]
.text ...
? C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[776] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfLowerIrql] C9851475
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KeGetCurrentIrql] 8B662D74
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfRaiseIrql] 0B660241
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device \FileSystem\Fastfat \Fat AC37DD20
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) AD542000-AD550000 (57344 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:2332] AD549540
Thread System [4:2336] AD549540
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB54744$\394673569 0 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\L 0 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\L\pdmzmplg 75264 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U 0 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000c0 3072 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@80000000 73728 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000c0 32768 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000cb 24576 bytes
File C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000cf 31232 bytes
File C:\WINDOWS\$NtUninstallKB54744$\924862654 0 bytes
---- EOF - GMER 1.0.15 ----