

 
	
noli_tangere wrote: I'm a complete beginner in this area...

OTL logfile created on: 1/27/2012 6:08:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\peter\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.84% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 19.45 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
Drive D: | 26.21 Gb Total Space | 7.70 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
 
Computer Name: DDQZYKB1 | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/01/27 17:58:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
PRC - [2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
PRC - [2012/01/27 17:42:23 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\peter\Local Settings\Temp\clclean.0001
PRC - [2012/01/03 21:40:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/11/28 11:48:54 | 005,837,800 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/09 04:07:22 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/21 11:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2006/05/25 00:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 15:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 15:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 15:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/03/25 05:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 14:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
PRC - [2006/02/16 15:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2006/01/02 23:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 16:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2003/09/10 08:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
MOD - [2012/01/27 17:42:23 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\peter\Local Settings\Temp\clclean.0001.dir.0004\~df394b.tmp
MOD - [2012/01/03 21:40:25 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/23 19:00:10 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/27 15:34:31 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/11/27 15:34:31 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/11/27 15:34:31 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2009/11/27 15:34:31 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/11/27 15:34:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/11/27 15:34:31 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/11/27 15:34:31 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/11/27 15:34:30 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/11/17 13:34:12 | 000,151,552 | ---- | M] () -- C:\Program Files\Tlen.pl\libgadu.dll
MOD - [2008/11/13 10:33:40 | 000,033,792 | ---- | M] () -- C:\Program Files\Tlen.pl\languages\polish.dll
MOD - [2008/08/05 12:46:38 | 000,061,464 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenSMS.tpl
MOD - [2008/07/22 08:49:48 | 000,075,800 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\FileTM.tpl
MOD - [2008/07/22 08:49:40 | 000,106,520 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\File.tpl
MOD - [2008/07/22 08:49:36 | 000,093,208 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Voice.tpl
MOD - [2008/07/22 08:49:30 | 000,195,096 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Video.tpl
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/19 13:20:08 | 000,017,408 | ---- | M] () -- C:\Program Files\Tlen.pl\hook.dll
MOD - [2008/06/19 13:15:54 | 000,030,720 | ---- | M] () -- C:\Program Files\Tlen.pl\libutil2.dll
MOD - [2008/06/19 13:15:46 | 000,139,264 | ---- | M] () -- C:\Program Files\Tlen.pl\libexpat2.dll
MOD - [2008/04/14 01:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/01/15 15:57:06 | 000,349,720 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\Tlenofon.tpl
MOD - [2007/10/05 14:00:58 | 000,181,248 | ---- | M] () -- C:\Program Files\Tlen.pl\libutil.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/17 10:36:00 | 000,048,176 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenDostep.tpl
MOD - [2007/09/17 10:36:00 | 000,031,768 | ---- | M] () -- C:\Program Files\Tlen.pl\plugins\TlenNewsy.tpl
MOD - [2006/06/29 12:12:00 | 001,355,042 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2006/05/25 00:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/05/01 15:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 15:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 15:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/03/10 17:49:30 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/18 10:33:58 | 000,054,784 | ---- | M] () -- C:\Program Files\Tlen.pl\libs\libexpat.dll
MOD - [2003/09/10 08:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2003/03/20 22:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax
MOD - [2003/01/30 05:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\Tlen.pl\stlpmt45.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/14 01:12:36 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\nsysaudm.dll -- (pcidrv)
SRV - [2006/09/09 04:07:22 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/09/11 07:26:24 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/09/11 07:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/09 06:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/25 00:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/25 00:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/25 00:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/25 00:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/25 00:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/25 00:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 23:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 23:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 20:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/01 15:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 05:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/25 05:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/04 13:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 21:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 21:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 21:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 22:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 09:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 09:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 09:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 15:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 16:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 16:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 15:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/02/13 22:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = w3cache.duna.pl:8080
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: gacela2@nurago.com:10.1.502
FF - prefs.js..network.proxy.http: "211.142.211.40"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 21:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 07:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/11/21 21:58:23 | 000,000,000 | ---D | M]
 
[2008/08/26 21:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peter\Application Data\Mozilla\Extensions
[2012/01/27 08:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions
[2012/01/10 19:33:43 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/01/13 21:55:48 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2008/06/13 22:31:59 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\askcom.xml
[2010/04/11 13:08:30 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn---sownik-jzyka-polskiego.xml
[2012/01/25 21:27:03 | 000,001,274 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn-sjp.xml
[2012/01/25 21:27:03 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\peter\Application Data\Mozilla\Firefox\Profiles\hfdmamma.default\searchplugins\pwn-so.xml
[2011/11/10 23:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 21:40:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/06 22:16:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:03:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2004/08/10 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Green Christmas Tree] C:\Documents and Settings\peter\Desktop\Choinka.exe File not found
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006..\Run: [Tlen.pl] C:\Program Files\Tlen7\tlen7.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O15 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..Trusted Domains: itvp.pl ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006\..Trusted Domains: mks.com.pl ([]http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} http://arcaonline.arcabit.com/ArcaOnline.cab (MainControl Class)
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4964/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513FCABB-8CE8-44FB-87A9-1DE42473C18E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4186394817-32334984-3788019067-1006 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 10:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0088ca7a-1066-11dd-81bf-0015c5a717aa}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{0088ca7a-1066-11dd-81bf-0015c5a717aa}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell - "" = AutoRun
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4569a6aa-2f7c-11df-865a-001e101f034e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell - "" = AutoRun
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4da51b6-2f7b-11df-8659-0015c5a717aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell - "" = AutoRun
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efe5482d-3004-11df-865d-0015c5a717aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/01/27 17:58:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
[2012/01/27 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/27 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Application Data\TestApp
[2012/01/27 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/27 11:42:01 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\peter\Desktop\antizeroaccess.exe
[2012/01/27 01:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/27 01:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Local Settings\Application Data\ESET
[2012/01/27 01:05:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peter\Local Settings\Application Data\17863da1
[2012/01/20 14:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peter\Desktop\dom Slawka nowe
[2010/03/19 20:14:31 | 002,131,336 | ---- | C] (Ask.com                                                      ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/01/27 18:04:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0D6CADA3-4D61-4B0A-8C89-6FBA3763C078}.job
[2012/01/27 17:59:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/27 17:58:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peter\Desktop\OTL.exe
[2012/01/27 17:51:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
[2012/01/27 17:43:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 17:42:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 17:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/27 17:42:10 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 17:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 17:39:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\peter\defogger_reenable
[2012/01/27 17:38:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Defogger.exe
[2012/01/27 16:18:11 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2012/01/27 12:09:35 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/01/27 11:45:59 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/01/27 11:42:03 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\peter\Desktop\antizeroaccess.exe
[2012/01/27 10:44:51 | 000,000,204 | -HS- | M] () -- C:\WINDOWS\8495829drv.spi
[2012/01/26 01:14:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/22 00:34:21 | 002,317,822 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Coma - Los cebula i krokodyle zy High quality.mp3
[2012/01/21 00:35:11 | 004,976,779 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Bakke, Posthumanizm.pdf
[2012/01/21 00:29:10 | 000,778,441 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Nagel, Nauka i zdrowy rozsadek.pdf
[2012/01/21 00:27:25 | 000,458,926 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Camus, Czlowiek zbuntowany.pdf
[2012/01/13 00:37:12 | 003,906,740 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Gotye- Somebody That I Used To Know feat Kimbra.mp3
[2012/01/10 20:29:18 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 20:29:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/10 19:52:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/03 03:09:25 | 004,709,222 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Massive Attack - Paradise Circus.mp3
[2012/01/02 19:10:10 | 002,856,912 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\2012_01_01_obwieszczenia.pdf
[2012/01/01 19:45:50 | 095,019,042 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\2.avi
[2012/01/01 19:00:40 | 081,046,116 | ---- | M] () -- C:\Documents and Settings\peter\Desktop\Jasnowidz wie, co nas czeka w 2012 roku.avi
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/01/27 17:51:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\f5csxqer.exe
[2012/01/27 17:39:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\peter\defogger_reenable
[2012/01/27 17:38:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Defogger.exe
[2012/01/27 11:36:48 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 10:44:51 | 000,000,204 | -HS- | C] () -- C:\WINDOWS\8495829drv.spi
[2012/01/27 01:07:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/22 00:34:21 | 002,317,822 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Coma - Los cebula i krokodyle zy High quality.mp3
[2012/01/21 00:29:54 | 004,976,779 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Bakke, Posthumanizm.pdf
[2012/01/21 00:28:13 | 000,778,441 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Nagel, Nauka i zdrowy rozsadek.pdf
[2012/01/21 00:27:24 | 000,458,926 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Camus, Czlowiek zbuntowany.pdf
[2012/01/11 07:48:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/06 23:46:31 | 003,906,740 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Gotye- Somebody That I Used To Know feat Kimbra.mp3
[2012/01/03 03:01:36 | 004,709,222 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Massive Attack - Paradise Circus.mp3
[2012/01/02 19:10:10 | 002,856,912 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\2012_01_01_obwieszczenia.pdf
[2012/01/01 19:42:21 | 095,019,042 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\2.avi
[2012/01/01 18:57:48 | 081,046,116 | ---- | C] () -- C:\Documents and Settings\peter\Desktop\Jasnowidz wie, co nas czeka w 2012 roku.avi
[2010/04/21 14:21:12 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/04/21 14:04:35 | 000,179,572 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2010/04/21 14:04:35 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/03/30 19:05:37 | 000,179,195 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2010/03/30 19:05:36 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2010/03/30 06:44:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/19 20:05:48 | 000,692,744 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\unins000.exe
[2010/02/19 20:05:48 | 000,003,137 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\unins000.dat
[2008/09/07 22:09:43 | 000,001,093 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/03/06 17:49:08 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2008/03/06 17:49:08 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2006/12/15 22:37:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2006/11/25 16:54:29 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2006/11/20 15:24:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/10 17:16:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/10/17 14:18:40 | 000,002,245 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2006/10/09 20:05:36 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/10/09 20:05:36 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/10/09 20:05:35 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/09 20:05:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/09 20:05:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/10/09 20:03:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/08 22:51:54 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/08 22:34:47 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\peter\Application Data\wklnhst.dat
[2006/10/08 14:42:58 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/08 14:42:58 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8F46E25465.sys
[2006/09/27 01:29:03 | 000,004,183 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/26 01:48:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/23 16:29:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\peter\Local Settings\Application Data\fusioncache.dat
[2006/09/09 04:37:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/09 04:29:40 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/09 04:19:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/09 04:17:52 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/09 04:15:04 | 000,000,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/09 04:13:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/09 04:07:48 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/09/09 04:07:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/09/09 04:07:06 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/09/09 04:05:18 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/09 03:32:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2006/09/09 03:32:20 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/09/09 03:32:00 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/09 03:31:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/09 03:31:40 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/09 03:31:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/25 10:40:44 | 000,715,048 | ---- | C] () -- C:\WINDOWS\System32\SkanerOnline.dll
[2006/06/29 15:14:08 | 000,069,952 | ---- | C] () -- C:\WINDOWS\System32\SkanerOnlineUninstall.exe
[2006/05/25 00:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 10:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 10:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 10:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 10:27:59 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 10:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 10:18:33 | 000,401,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 10:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 10:18:33 | 000,062,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 10:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 10:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 10:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 10:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 10:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 10:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 10:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 10:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 20:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 23:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/04 14:01:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ArcaOnlineUninstall.exe
[2003/09/16 17:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 17:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/05/14 16:54:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/11/14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2005/08/17 02:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/11/21 21:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/27 19:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2009/04/21 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/24 20:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla
[2010/04/22 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2008/12/22 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/12 09:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Picture cooler 2010
[2012/01/27 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/19 22:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tlen.pl
[2006/09/09 04:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/21 22:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\ESET
[2007/06/27 14:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Gadu-Gadu
[2010/01/27 19:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Gadu-Gadu 10
[2009/03/17 22:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\HouseCall 6.6
[2009/10/24 20:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\ipla
[2010/03/14 16:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\iPlus
[2011/09/04 19:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Jpeg Resampler
[2006/10/08 22:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Leadertech
[2006/09/26 02:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\MSNInstaller
[2009/01/03 10:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Nokia
[2009/02/10 15:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Nowe Gadu-Gadu
[2010/04/22 21:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\OpenFM
[2008/12/22 16:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\PC Suite
[2006/10/08 22:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Template
[2012/01/27 13:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\TestApp
[2012/01/27 11:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Tlen.pl
[2010/02/25 00:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\Uniblue
[2009/01/31 00:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peter\Application Data\uTorrent
[2012/01/27 18:04:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0D6CADA3-4D61-4B0A-8C89-6FBA3763C078}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >
 
OTL Extras logfile created on: 1/27/2012 6:08:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\peter\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.84% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 19.45 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
Drive D: | 26.21 Gb Total Space | 7.70 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
 
Computer Name: DDQZYKB1 | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-4186394817-32334984-3788019067-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glówny -- (Gadu-Gadu S.A.)
"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- (o2.pl Sp. z o.o.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast -- (www.sopcast.com)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS1171\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe" = C:\Documents and Settings\peter\Local Settings\Temp\7zS38AF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AAE6633-8D9C-414A-B5EC-F65F45579A25}" = ESET Smart Security
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7CDE2F4E-F47C-45D3-97BE-E309F09F939C}" = Microsoft Kalkulator Plus
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Audio Pack" = Creative Audio Pack
"DC++" = DC++ 0.698
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.20 Full
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"ProInst" = Intel(R) PROSet/Wireless Software
"Quake III Arena" = Quake III Arena
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SkanerOnline" = Skaner on-line mks_vir
"Skype_is1" = Skype 3.0
"SopCast" = SopCast 3.0.1
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tlen.pl" = Tlen.pl
"Totalcmd" = Total Commander (Remove or Repair)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/7/2012 11:22:22 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/7/2012 11:22:22 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/8/2012 11:00:30 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/8/2012 11:00:30 AM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/9/2012 1:17:47 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/9/2012 1:17:48 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/10/2012 1:13:15 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/10/2012 1:13:15 PM | Computer Name = DDQZYKB1 | Source = .NET Runtime | ID = 0
Description = 
 
Error - 1/27/2012 10:44:39 AM | Computer Name = DDQZYKB1 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/27/2012 10:44:39 AM | Computer Name = DDQZYKB1 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
[ System Events ]
Error - 1/27/2012 10:42:50 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The Net Driver HPZ12 service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/27/2012 10:42:59 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 1/27/2012 10:43:05 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly.  It has done this 1
 time(s).
 
Error - 1/27/2012 10:43:24 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly.  It has done 
this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
 Restart the service.
 
Error - 1/27/2012 10:43:33 AM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
 terminated unexpectedly.  It has done this 1 time(s).  The following corrective
 action will be taken in 120000 milliseconds: Restart the service.
 
Error - 1/27/2012 12:43:40 PM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7038
Description = The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService
 with the currently configured  password due to the following error:   %%5    To ensure 
that the service is  configured properly, use the Services snap-in in Microsoft Management
Console
 (MMC).
 
Error - 1/27/2012 12:43:40 PM | Computer Name = DDQZYKB1 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following 
error:   %%1069
 
Error - 1/27/2012 12:53:05 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 1/27/2012 12:54:16 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 1/27/2012 12:58:49 PM | Computer Name = DDQZYKB1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
 
< End of report >

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-27 20:05:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2120BH rev.0085002A
Running: f5csxqer.exe; Driver: C:\DOCUME~1\peter\LOCALS~1\Temp\fflyapoc.sys
---- System - GMER 1.0.15 ----
SSDT            8920AC90                                                                                          ZwAssignProcessToJobObject
SSDT            8920B200                                                                                          ZwDebugActiveProcess
SSDT            8920B2F0                                                                                          ZwDuplicateObject
SSDT            8920A590                                                                                          ZwOpenProcess
SSDT            8920A800                                                                                          ZwOpenThread
SSDT            8920AFD0                                                                                          ZwProtectVirtualMemory
SSDT            8920B0E0                                                                                          ZwQueueApcThread
SSDT            8920AEC0                                                                                          ZwSetContextThread
SSDT            8920AD90                                                                                          ZwSetInformationThread
SSDT            89207DA0                                                                                          ZwSetSecurityObject
SSDT            8920AB90                                                                                          ZwSuspendProcess
SSDT            8920AA80                                                                                          ZwSuspendThread
SSDT            8920A6E0                                                                                          ZwTerminateProcess
SSDT            8920AA50                                                                                          ZwTerminateThread
SSDT            8920B6D0                                                                                          ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
init            C:\WINDOWS\system32\drivers\monfilt.sys                                                           entry point in "init" section [0xB0349280]
.text           ipsec.sys                                                                                         B000F000 216 Bytes  [B0, FF, B5, 04, FF, FF, FF, ...]
.text           ipsec.sys                                                                                         B000F0DA 7 Bytes  [5C, 00, 52, 00, 65, 00, 67]
.text           ipsec.sys                                                                                         B000F0E2 77 Bytes  [69, 00, 73, 00, 74, 00, 72, ...]
.text           ipsec.sys                                                                                         B000F131 10 Bytes  [00, 65, 00, 72, 00, 76, 00, ...]
.text           ipsec.sys                                                                                         B000F13C 1 Byte  [65]
.text           ...                                                                                               
?               C:\WINDOWS\system32\DRIVERS\ipsec.sys                                                             suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[776] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[920] ntdll.dll!LdrLoadDll                            7C91632D 5 Bytes  JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!GetWindowInfo              7E42C49C 5 Bytes  JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!TrackPopupMenu             7E46531E 5 Bytes  JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfLowerIrql]                                       C9851475
IAT             \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KeGetCurrentIrql]                                  8B662D74
IAT             \SystemRoot\system32\DRIVERS\ipsec.sys[HAL.dll!KfRaiseIrql]                                       0B660241
---- Devices - GMER 1.0.15 ----
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                            eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                          epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                           SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                           SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                         epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                         epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                       epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
Device          \FileSystem\Fastfat \Fat                                                                          AC37DD20
AttachedDevice  \FileSystem\Fastfat \Fat                                                                          eamon.sys (Amon monitor/ESET)
Device          \FileSystem\Cdfs \Cdfs                                                                            tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Modules - GMER 1.0.15 ----
Module          (noname) (*** hidden *** )                                                                        AD542000-AD550000 (57344 bytes)                                                               
---- Threads - GMER 1.0.15 ----
Thread          System [4:2332]                                                                                   AD549540
Thread          System [4:2336]                                                                                   AD549540
---- Files - GMER 1.0.15 ----
File            C:\WINDOWS\$NtUninstallKB54744$\394673569                                                         0 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\@                                                       2048 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\L                                                       0 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\L\pdmzmplg                                              75264 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\loader.tlb                                              2632 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U                                                       0 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@00000001                                             45968 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000c0                                             3072 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000cb                                             3072 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@000000cf                                             1536 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@80000000                                             73728 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000c0                                             32768 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000cb                                             24576 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\394673569\U\@800000cf                                             31232 bytes
File            C:\WINDOWS\$NtUninstallKB54744$\924862654                                                         0 bytes
---- EOF - GMER 1.0.15 ---- 
	


 
	
 Run it once more, but this time choose Cure when it finds something.
 Then restart the computer.