
No access to programs, backdoor viruses

Gawron64
Posted (edited)

Hello,
I have the following problem on Vista! I was browsing the sites I usually visit every day, and when I tried to open www.derekroddy.com I saw a Java application start up, Mozilla closed, a "Vista security 2012" message popped up and a system scan began. It started showing me that there were viruses in system files, in recently created files, and in files that in my opinion are as safe as can be. It counted about 31 of them, and a message popped up telling me to buy a license to remove the worms and clean the computer. I started trying to close the program, but without success, because the scan kept coming back every few moments. I managed to open Task Manager and found a new process, duq.exe. While I could still get into Firefox, I deleted the browsing history etc., and since then the process has not shown up. Now I have no access to any program on the computer; an OPEN WITH dialog pops up. I wanted to paste an OTL log, but when I tried to run it an alert popped up: APPLICATION NOT FOUND. I don't know what to do. I typed the process name into Google and saw that it is some new backdoor virus. I don't know much about this and I'm asking for help, because formatting is out of the question. Not only do I not have the disc, I would also lose my files :/ I managed to run OTL as administrator and produce the logs, which I have posted below.

[log] OTL logfile created on: 2011-06-22 10:12:53 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,11% Memory free
4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 35,70 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color="#E56717"]========== Processes (All) ==========[/color]

PRC - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-04-14 18:59:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-01-14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 09:33:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


[color="#E56717"]========== Modules (All) ==========[/color]

MOD - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll


[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


[color="#E56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-08-29 12:10:32 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel®
DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)


[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#E56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://pl.intl.acer.yahoo.com"]http://pl.intl.acer.yahoo.com[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://pl.intl.acer.yahoo.com"]http://pl.intl.acer.yahoo.com[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = [url="http://www.google.com"]http://www.google.com[/url]
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [url="http://search.yahoo.com/search?p=%7BsearchTerms%7D&ei=utf-8&fr=b1ie7"]http://search.yahoo....=utf-8&fr=b1ie7[/url]
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#E56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M]

[2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions
[2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions
[2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml
[2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [3704065805] File not found
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\AutoRun\command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\explore\Command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\open\Command - "" = byilfowc.exe
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell - "" = AutoRun
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..exefile [open] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\...exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Agnieszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]iPlusManager[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]LManager[/b] - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: [b]PLFSet[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\windows sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]StartCCC[/b] - hkey= - key= - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]updateMgr[/b] - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]WMPNSCFG[/b] - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 60 Days ==========

[2011-06-22 09:32:41 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-05 14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software
[2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe
[2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL
[2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 60 Days ==========

[2011-06-22 09:50:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-22 09:50:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-22 09:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-22 09:42:03 | 000,080,384 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-22 08:58:27 | 000,009,732 | -HS- | M] () -- C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
[2011-06-22 08:58:27 | 000,009,732 | -HS- | M] () -- C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
[2011-06-22 05:25:56 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempfq1412.html
[2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-21 18:56:33 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job
[2011-06-21 09:28:10 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempkY6120.html
[2011-06-21 09:28:10 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempFf6120.html
[2011-06-20 14:00:16 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempqb4596.html
[2011-06-20 14:00:16 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempSw4596.html
[2011-06-18 22:27:55 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempKI3816.html
[2011-06-18 22:27:55 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TemplL3816.html
[2011-06-14 21:24:59 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempVa3188.html
[2011-06-10 18:01:35 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-06-10 18:01:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-10 18:01:35 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-06-10 18:01:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-09 20:52:48 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempyq2436.html
[2011-06-09 20:52:48 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TemphK2436.html
[2011-06-09 20:52:48 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempzN2436.html
[2011-06-09 20:52:48 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempRg2436.html
[2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2011-06-04 21:55:51 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempcU6012.html
[2011-06-04 21:55:51 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempTT6012.html
[2011-06-03 22:55:02 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempxH1712.html
[2011-06-03 22:55:02 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1712.html
[2011-06-02 21:51:40 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempZw4220.html
[2011-06-02 21:51:40 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempQi4220.html
[2011-06-02 21:39:25 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempIZ4220.html
[2011-06-02 21:39:25 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempEz4220.html
[2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-05-29 09:56:41 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-05-01 21:05:29 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempJy4172.html

========== Files Created - No Company Name ==========

[2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-06-22 08:45:59 | 000,009,732 | -HS- | C] () -- C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
[2011-06-22 08:45:59 | 000,009,732 | -HS- | C] () -- C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
[2011-06-22 05:25:55 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfq1412.html
[2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-21 09:25:17 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempkY6120.html
[2011-06-21 09:25:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFf6120.html
[2011-06-20 13:56:17 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempqb4596.html
[2011-06-20 13:56:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempSw4596.html
[2011-06-18 22:23:58 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKI3816.html
[2011-06-18 22:23:58 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplL3816.html
[2011-06-14 20:26:16 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVa3188.html
[2011-06-09 20:51:41 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphK2436.html
[2011-06-09 20:51:41 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzN2436.html
[2011-06-09 20:35:09 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempyq2436.html
[2011-06-09 20:35:09 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRg2436.html
[2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll
[2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl
[2011-06-04 21:01:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempcU6012.html
[2011-06-04 21:01:25 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTT6012.html
[2011-06-03 22:02:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempxH1712.html
[2011-06-03 22:02:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1712.html
[2011-06-02 21:51:40 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZw4220.html
[2011-06-02 21:51:40 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQi4220.html
[2011-06-02 21:39:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIZ4220.html
[2011-06-02 21:39:25 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempEz4220.html
[2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-05-01 20:59:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJy4172.html
[2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-03-21 22:52:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGW5112.html
[2011-03-11 09:42:13 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI
[2011-03-01 17:09:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempvp5500.html
[2011-03-01 17:09:59 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempbr5500.html
[2010-12-17 17:13:17 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempwX4772.html
[2010-12-17 17:13:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWM4772.html
[2010-12-17 10:57:35 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmU4664.html
[2010-12-17 10:57:35 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIY4664.html
[2010-12-16 19:23:24 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRB4764.html
[2010-12-16 19:23:24 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temppo4764.html
[2010-12-15 13:23:03 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempSF2732.html
[2010-12-15 13:23:03 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQZ2732.html
[2010-12-14 14:19:48 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempjO1780.html
[2010-12-14 14:19:48 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1780.html
[2010-12-13 23:09:45 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temppn5080.html
[2010-12-13 23:09:45 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWn5080.html
[2010-12-13 11:28:32 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIp3596.html
[2010-12-13 11:28:32 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoN3596.html
[2010-12-12 14:10:54 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYe4764.html
[2010-12-12 14:10:54 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFn4764.html
[2010-12-11 15:10:01 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFX1468.html
[2010-12-11 15:10:01 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempuL1468.html
[2010-12-09 00:15:07 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjm4816.html
[2010-12-09 00:15:07 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCf4816.html
[2010-12-08 01:56:00 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempgy3468.html
[2010-12-08 01:56:00 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjt3468.html
[2010-12-03 16:46:35 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCc5416.html
[2010-12-03 16:46:35 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRS5416.html
[2010-12-03 02:17:21 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTS5700.html
[2010-12-03 02:17:21 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempEV5700.html
[2010-11-14 18:46:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempgB3936.html
[2010-11-09 22:53:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIK5988.html
[2010-06-22 00:17:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmR5792.html
[2010-06-22 00:17:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temptj5792.html
[2010-06-21 21:32:39 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLx4852.html
[2010-06-14 20:45:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjf4936.html
[2010-06-14 20:45:22 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsO4936.html
[2010-06-07 16:33:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempxL5784.html
[2010-05-29 19:36:31 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempqr4836.html
[2010-05-28 18:40:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNU5316.html
[2010-05-27 23:03:15 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempjG3520.html
[2010-05-27 22:48:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFg4504.html
[2010-05-27 22:14:08 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWi3564.html
[2010-05-26 19:17:13 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNV3188.html
[2010-05-26 19:17:13 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempeT3188.html
[2010-05-19 13:29:44 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwu4080.html
[2010-05-14 00:22:57 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Templf3088.html
[2010-05-13 22:05:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempBA4556.html
[2010-05-10 20:12:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvE5472.html
[2010-04-29 08:52:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempwE2424.html
[2010-04-29 08:52:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaT2424.html
[2010-04-27 23:01:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempsl4104.html
[2010-04-27 22:58:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTA4604.html
[2010-04-22 22:22:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmV4852.html
[2010-04-22 22:17:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvG4868.html
[2010-04-22 22:17:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaB4868.html
[2010-04-21 23:20:43 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempv23236.html
[2010-04-21 23:20:43 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempx23236.html
[2010-04-21 23:15:33 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempXL8676.html
[2010-04-20 21:11:48 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempc22388.html
[2010-04-20 21:11:48 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempT22388.html
[2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-19 18:26:06 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfo5560.html
[2010-04-19 18:22:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLO3412.html
[2010-04-18 13:01:28 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCZ3584.html
[2010-04-17 09:53:58 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGi5812.html
[2010-04-15 21:09:30 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJG6104.html
[2010-04-15 21:09:30 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplH6104.html
[2010-04-14 22:59:08 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfx6024.html
[2010-04-14 22:59:08 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwy6024.html
[2010-04-14 19:54:39 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempza1056.html
[2010-04-14 19:54:39 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGJ1056.html
[2010-04-13 14:25:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFA5112.html
[2010-04-13 14:25:47 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoU5112.html
[2010-04-11 16:34:26 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRR1604.html
[2010-04-11 16:34:26 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzV1604.html
[2010-04-09 14:00:21 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyW5300.html
[2010-04-09 14:00:21 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempuz5300.html
[2010-04-07 22:43:43 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWM6080.html
[2010-04-07 22:43:43 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempzn6080.html
[2010-04-06 19:37:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempke4556.html
[2010-04-06 19:37:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTi4556.html
[2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-04-04 16:12:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZcy388.html
[2010-04-04 16:12:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRTP388.html
[2010-03-31 20:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIG3192.html
[2010-03-31 20:59:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzP3192.html
[2010-03-31 15:20:15 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempmk2464.html
[2010-03-31 15:20:15 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZs2464.html
[2010-03-30 21:46:26 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAA3516.html
[2010-03-30 21:46:26 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyN3516.html
[2010-03-30 20:34:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNo3308.html
[2010-03-30 20:34:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwc3308.html
[2010-03-29 08:13:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempPm4108.html
[2010-03-29 08:13:20 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempot4108.html
[2010-03-28 18:45:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempkf4888.html
[2010-03-28 18:45:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKA4888.html
[2010-03-28 14:39:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempDc4484.html
[2010-03-28 14:39:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVE4484.html
[2010-03-27 16:37:09 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsK4404.html
[2010-03-27 16:37:09 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempox4404.html
[2010-03-26 16:46:24 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJq4036.html
[2010-03-26 16:46:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempzn4036.html
[2010-03-26 09:36:18 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJE2016.html
[2010-03-26 09:36:18 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplM2016.html
[2010-03-26 02:54:00 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFQ2204.html
[2010-03-26 02:54:00 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempHs2204.html
[2010-03-26 01:25:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempOKD216.html
[2010-03-26 01:25:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempmxe216.html
[2010-03-25 21:40:03 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJw3232.html
[2010-03-25 21:40:03 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGm3232.html
[2010-03-24 20:37:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJH1144.html
[2010-03-24 20:37:22 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTJ1144.html
[2010-03-23 21:20:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTx4432.html
[2010-03-23 21:20:11 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJC4432.html
[2010-03-23 14:29:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNw4204.html
[2010-03-23 14:29:25 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphE4204.html
[2010-03-23 14:24:02 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzQ4244.html
[2010-03-23 14:24:02 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWA4244.html
[2010-03-21 17:29:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaD1384.html
[2010-03-21 17:29:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjt1384.html
[2010-03-21 13:55:06 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFR1000.html
[2010-03-21 13:55:06 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRT1000.html
[2010-03-21 03:22:12 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVb4236.html
[2010-03-21 03:22:12 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQi4236.html
[2010-03-21 00:34:13 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAV4184.html
[2010-03-21 00:34:13 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNu4184.html
[2010-03-20 21:34:38 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempng2488.html
[2010-03-20 21:34:38 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRa2488.html
[2010-03-20 21:01:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVW2800.html
[2010-03-20 21:01:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLv2800.html
[2010-03-20 16:34:18 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYG1468.html
[2010-03-20 16:34:18 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLT1468.html
[2010-03-18 16:41:56 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempfW2752.html
[2010-03-18 16:41:56 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempfH2752.html
[2010-03-17 19:36:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsV4316.html
[2010-03-17 19:36:49 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzP4316.html
[2010-03-14 19:50:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQG2220.html
[2010-03-14 19:50:11 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempON2220.html
[2010-03-14 16:03:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempeb1104.html
[2010-03-14 16:03:47 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYS1104.html
[2010-03-13 21:48:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCX4064.html
[2010-03-13 21:48:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempMZ4064.html
[2010-03-12 21:03:41 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempHS3648.html
[2010-03-12 21:03:41 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempOm3648.html
[2010-03-11 21:10:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvV3868.html
[2010-03-11 21:10:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempBR3868.html
[2010-03-11 18:20:01 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphB2272.html
[2010-03-11 18:20:01 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyR2272.html
[2010-03-11 13:57:19 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAI4224.html
[2010-03-11 13:57:19 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNK4224.html
[2010-03-10 20:20:14 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJS4604.html
[2010-03-10 20:20:14 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoQ4604.html
[2010-03-10 20:07:19 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKZ4748.html
[2010-03-10 20:07:19 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempDd4748.html
[2009-12-26 20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-12-26 20:56:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-03-06 10:04:06 | 000,080,384 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008-01-27 21:58:22 | 000,031,007 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png
[2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat
[2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color="#E56717"]========== LOP Check ==========[/color]

[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\app
[2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite
[2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2
[2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-06-22 08:51:11 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000
[2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu
[2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10
[2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express
[2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking
[2007-12-31 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache
[2011-04-07 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM
[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template
[2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom
[2011-06-22 09:48:01 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-06-21 18:56:33 | 000,000,470 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job

[color="#E56717"]========== Purity Check ==========[/color]



[color="#E56717"]========== Custom Scans ==========[/color]


[color="#A23BEC"]< %systemdrive%\*.* >[/color]
[2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-22 09:48:51 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys
[2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log


[color="#A23BEC"]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color="#A23BEC"]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color="#A23BEC"]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color="#A23BEC"]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color="#A23BEC"]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color="#A23BEC"]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >
[/log]

[log] OTL Extras logfile created on: 2011-06-22 10:12:53 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,11% Memory free
4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 35,70 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#E56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color="#E56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#E56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color="#E56717"]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color="#E56717"]========== Authorized Applications List ==========[/color]


[color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system |
"{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system |
"{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system |
"{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color="#E56717"]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system |
"{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |

[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian
"{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix
"{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian
"{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese
"{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai
"{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid
"foobar2000" = foobar2000 v0.9.6.9
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"RealAlt_is1" = Real Alternative 2.0.1
"Theme Park World" = Theme Park World
"Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3®
"WinRAR archiver" = Archiwizator WinRAR

[color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#E56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
raportami i rozwiązaniami problemów. Identyfikator procesu: 748 Godzina rozpoczęcia:
01cc2bfe3880bffe Godzina zakończenia: 0

Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa
0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura
czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator
procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e.

[ System Events ]
Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505
Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F},
ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane.


< End of report >
[/log]

[color="#FF0000"]//do not post in other threads
//splitting this off into its own thread
//dan[/color]

* sorry for the trouble... thank you, and I'm counting on your help! :)

Mateusz J.

Paste the following into the OTL window:
[code]:OTL
DRV - [2007-08-29 12:10:32 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [3704065805] File not found
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\AutoRun\command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\explore\Command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\open\Command - "" = byilfowc.exe
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell - "" = AutoRun
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell\AutoRun\command - "" = G:\autorun.exe
O35 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..exefile [open] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*
O37 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\...exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*

:files
C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job
C:\Users\Agnieszka\AppData\Local\Temp*.html
C:\ProgramData\ntuser.pol

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]

:Commands
[emptyflash]
[emptytemp]
[reboot][/code]
Click [color="#0000FF"][b]Wykonaj skrypt[/b][/color] ("Run script").
The computer will restart.
Then generate a new OTL log.

Gawron64

The log that popped up after the restart:

[log]All processes killed
========== OTL ==========
Service hwdatacard stopped successfully!
Service hwdatacard deleted successfully!
C:\Windows\System32\drivers\ewusbmdm.sys moved successfully.
HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "Softonic-Eng7 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry value HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3704065805 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found.
File byilfowc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found.
File byilfowc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found.
File byilfowc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found.
File G:\autorun.exe not found.
Registry value HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %* not found.
Registry key HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== FILES ==========
C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 moved successfully.
C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job moved successfully.
C:\Users\Agnieszka\AppData\Local\TempAA3516.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempaB4868.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempaD1384.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempAI4224.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempaT2424.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempAV4184.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempBA4556.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempBR3868.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempbr5500.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempc22388.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempCc5416.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempCf4816.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempcU6012.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempCX4064.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempCZ3584.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempDc4484.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempDd4748.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempeb1104.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempeT3188.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempEV5700.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempEz4220.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFA5112.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFf6120.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFg4504.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempfH2752.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFn4764.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempfo5560.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempfq1412.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFQ2204.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFR1000.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempfW2752.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempFX1468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempfx6024.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempgB3936.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempGi5812.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempGJ1056.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempGm3232.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempGW5112.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempgy3468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemphB2272.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemphE4204.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemphK2436.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempHs2204.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempHS3648.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempIG3192.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempIK5988.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempIp3596.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempIY4664.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempIZ4220.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJC4432.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJE2016.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempjf4936.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempjG3520.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJG6104.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJH1144.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempjm4816.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempjO1780.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJq4036.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJS4604.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempjt1384.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempjt3468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJw3232.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempJy4172.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempKA4888.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempke4556.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempkf4888.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempKI3816.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempkY6120.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempKZ4748.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Templf3088.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemplH6104.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemplL3816.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TemplM2016.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempLO3412.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempLT1468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempLv2800.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempLx4852.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempmk2464.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempmR5792.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempmU4664.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempmV4852.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempmxe216.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempMZ4064.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempng2488.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNK4224.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNo3308.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNu4184.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNU5316.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNV3188.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempNw4204.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempOKD216.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempOm3648.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempON2220.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempoN3596.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempoQ4604.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempot4108.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempoU5112.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempox4404.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempPm4108.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Temppn5080.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Temppo4764.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempqb4596.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempQG2220.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempQi4220.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempQi4236.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempqr4836.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempQZ2732.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRa2488.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRB4764.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRg2436.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRR1604.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRS5416.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRT1000.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempRTP388.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempSF2732.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempsK4404.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempsl4104.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempsO4936.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempsV4316.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempSw4596.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempT22388.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTA4604.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTi4556.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTJ1144.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Temptj5792.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTS5700.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTT6012.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempTx4432.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempuL1468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempuz5300.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempv23236.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempVa3188.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempVb4236.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempVE4484.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempvE5472.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempvG4868.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempvp5500.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempvQ1712.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempvQ1780.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempvV3868.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempVW2800.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempWA4244.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempwc3308.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempwE2424.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempWi3564.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempWM4772.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempWM6080.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempWn5080.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempwu4080.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempwX4772.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempwy6024.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempx23236.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempxH1712.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempxL5784.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempXL8676.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempYe4764.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempYG1468.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempyN3516.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempyq2436.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempyR2272.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempYS1104.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempyW5300.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempza1056.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempZcy388.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempzN2436.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempzn4036.html moved successfully.
C:\Users\Agnieszka\AppData\Local\Tempzn6080.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempzP3192.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempzP4316.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempzQ4244.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempZs2464.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempzV1604.html moved successfully.
C:\Users\Agnieszka\AppData\Local\TempZw4220.html moved successfully.
C:\ProgramData\ntuser.pol moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Agnieszka
->Flash cache emptied: 57355 bytes

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Agnieszka
->Temp folder emptied: 18705543 bytes
->Temporary Internet Files folder emptied: 276954121 bytes
->Java cache emptied: 27723207 bytes
->FireFox cache emptied: 62975198 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45119312 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06222011_151611

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]

OTL

[log]OTL logfile created on: 2011-06-22 15:34:05 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,67% Memory free
4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 34,61 Gb Free Space | 49,60% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,76 Gb Free Space | 41,38% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-22 15:20:49 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AGNIES~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-04-14 18:59:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-08-02 17:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-03-12 00:14:00 | 011,792,992 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-01-14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-05-09 10:36:38 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007-04-26 17:00:02 | 000,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007-04-25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007-04-23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-04-12 17:42:26 | 000,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007-04-04 12:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2007-03-28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMCONFIG.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe
PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-02-09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006-11-10 18:06:32 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2006-11-07 14:57:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2006-09-08 09:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
MOD - [2011-06-22 09:24:10 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-06-22 09:24:10 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-06-22 09:24:09 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-06-16 22:14:08 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
MOD - [2011-06-16 22:14:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011-06-16 22:14:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-10-08 23:08:01 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-19 09:34:02 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
MOD - [2007-04-12 17:40:04 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007-04-12 17:39:48 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007-04-12 17:39:44 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2007-03-17 05:19:08 | 000,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll
MOD - [2007-02-12 16:02:08 | 000,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll
MOD - [2007-02-07 10:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006-11-29 21:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R)
DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M]

[2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions
[2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions
[2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml
[2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-22 15:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-06-22 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Local\Apps
[2011-06-22 09:32:41 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-05 14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software
[2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe
[2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL
[2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-22 15:33:05 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempml4908.html
[2011-06-22 15:33:05 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempou4908.html
[2011-06-22 15:20:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-22 15:20:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-22 15:20:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-22 14:16:14 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-06-22 12:22:54 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-06-22 12:22:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-22 12:22:53 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-06-22 12:22:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-05-29 09:56:41 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-22 15:33:05 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempml4908.html
[2011-06-22 15:33:05 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempou4908.html
[2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll
[2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl
[2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI
[2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-12-26 20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-12-26 20:56:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008-01-27 21:58:22 | 000,031,007 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png
[2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat
[2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\app
[2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite
[2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2
[2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-06-22 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000
[2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu
[2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10
[2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express
[2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking
[2007-12-31 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache
[2011-04-07 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM
[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template
[2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom
[2011-06-22 15:18:24 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-22 15:19:24 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys
[2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >
[/log]

EXTRAS

[log]OTL Extras logfile created on: 2011-06-22 15:34:05 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,67% Memory free
4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 34,61 Gb Free Space | 49,60% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,76 Gb Free Space | 41,38% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system |
"{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system |
"{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system |
"{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system |
"{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian
"{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix
"{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian
"{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese
"{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai
"{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid
"foobar2000" = foobar2000 v0.9.6.9
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"RealAlt_is1" = Real Alternative 2.0.1
"Theme Park World" = Theme Park World
"Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3®
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
raportami i rozwiązaniami problemów. Identyfikator procesu: 748 Godzina rozpoczęcia:
01cc2bfe3880bffe Godzina zakończenia: 0

Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa
0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura
czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator
procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e.

[ System Events ]
Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505
Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F},
ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane.


< End of report >
[/log]

From what I've noticed, everything is fine, the programs run as before and the computer even seems to run a bit faster :) There was quite a lot in temporary memory... it's my girlfriend's computer, so this is probably the first time it has been cleaned like this :)

Mateusz J.
comment

In OTL, use the CleanUp (Sprzątanie) option.
Clean.

I recommend scanning the computer with the Malwarebytes scanner.

Gawron64
comment

So: I ran the cleanup, restarted the computer, installed and updated Malwarebytes Anti-Malware, and this is what I got:

[log]Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Wersja bazy: 6921

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011-06-22 22:00:22
mbam-log-2011-06-22 (21-59-58).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 148048
Upłynęło: 6 minut(y), 27 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]
So what should I do about this?

wirusolog
comment

Let MBAM remove it.
You can also run a full scan with it, just for peace of mind.
You can paste new OTL logs to make sure this infection has not come back, but I think that is unnecessary.

Gawron64
comment

The full scan detected this:
type: Trojan.FakeAlert
category: File
object: D:/Program Files/Mozilla Firefox/0.2698259552213599.exe

I removed it (to quarantine), restarted the computer and ran a full scan again. This time it detected nothing. I ran an OTL scan; here are the logs:

OTL

[log]OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,45% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 34,43 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
PRC - [2011-06-22 15:20:49 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AGNIES~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-08-02 17:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-01-14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-05-09 10:36:38 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007-04-26 17:00:02 | 000,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007-04-25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007-04-23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-04-12 17:42:26 | 000,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007-04-04 12:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2007-03-28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMCONFIG.exe
PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe
PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-02-09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006-11-10 18:06:32 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2006-11-07 14:57:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2006-09-08 09:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
MOD - [2011-06-22 09:24:10 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-06-22 09:24:10 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-06-22 09:24:09 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-06-16 22:14:08 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
MOD - [2011-06-16 22:14:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011-06-16 22:14:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-10-08 23:08:01 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-19 09:34:02 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
MOD - [2007-04-12 17:40:04 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007-04-12 17:39:48 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007-04-12 17:39:44 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2007-03-17 05:19:08 | 000,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll
MOD - [2007-02-12 16:02:08 | 000,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll
MOD - [2007-02-07 10:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006-11-29 21:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R)
DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M]

[2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions
[2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions
[2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml
[2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Agnieszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]iPlusManager[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]LManager[/b] - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: [b]PLFSet[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\windows sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]StartCCC[/b] - hkey= - key= - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]updateMgr[/b] - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]WMPNSCFG[/b] - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-23 00:13:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-22 21:48:25 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Malwarebytes
[2011-06-22 21:45:35 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-06-22 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-06-22 21:45:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-06-22 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Local\Apps
[2011-06-05 14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software
[2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe
[2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL
[2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-23 11:26:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-23 11:26:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-23 11:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe
[2011-06-22 23:55:19 | 000,004,608 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-22 23:55:18 | 008,480,457 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Pyramid.mov
[2011-06-22 22:37:34 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempjF5112.html
[2011-06-22 22:12:11 | 005,994,064 | ---- | M] () -- C:\Users\Agnieszka\Desktop\150strokes.mpg
[2011-06-22 21:41:42 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-22 14:16:14 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-06-22 12:22:54 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-06-22 12:22:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-22 12:22:53 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-06-22 12:22:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-22 23:55:17 | 000,004,608 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-22 23:54:51 | 008,480,457 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Pyramid.mov
[2011-06-22 22:37:33 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempjF5112.html
[2011-06-22 22:11:41 | 005,994,064 | ---- | C] () -- C:\Users\Agnieszka\Desktop\150strokes.mpg
[2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg
[2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini
[2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll
[2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk
[2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl
[2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk
[2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3
[2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1
[2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0
[2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2
[2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI
[2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-12-26 20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-12-26 20:56:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008-01-27 21:58:22 | 000,031,007 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png
[2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat
[2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat
[2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\app
[2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite
[2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2
[2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011-06-22 15:55:29 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000
[2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu
[2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10
[2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6
[2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express
[2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking
[2007-12-31 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache
[2011-04-07 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM
[2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template
[2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom
[2011-06-23 00:20:55 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log
[2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-23 11:25:49 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys
[2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >
[/log]

Extras

[log]OTL Extras logfile created on: 2011-06-23 12:43:11 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,45% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 34,43 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS

Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system |
"{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system |
"{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system |
"{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe |
"{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system |
"{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian
"{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix
"{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian
"{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese
"{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai
"{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid
"foobar2000" = foobar2000 v0.9.6.9
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"RealAlt_is1" = Real Alternative 2.0.1
"Theme Park World" = Theme Park World
"Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3®
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
raportami i rozwiązaniami problemów. Identyfikator procesu: 748 Godzina rozpoczęcia:
01cc2bfe3880bffe Godzina zakończenia: 0

Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa
0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura
czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator
procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e.

Error - 2011-06-22 18:20:28 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002
Description = Program mbam.exe w wersji 1.51.0.1074 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: 1598 Godzina rozpoczęcia: 01cc3129e0989208
Godzina
zakończenia: 7

Error - 2011-06-22 18:20:41 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002
Description = Program OTL.exe w wersji 3.2.24.1 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: 11cc Godzina rozpoczęcia: 01cc31298fe11e48
Godzina
zakończenia: 6

[ System Events ]
Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505
Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F},
ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.

Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane.


< End of report >
[/log]

wirusolog

No infection.
A small correction:

[hr]
[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:

[code]:OTL
MsConfig - StartUpReg: iPlusManager - hkey= - key= - File not found
MsConfig - StartUpReg: PLFSet - hkey= - key= - File not found
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
[2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml
[2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com

:Files
C:\Users\Agnieszka\AppData\Local\TempjF5112.html

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.stronastartowa.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.stronastartowa.com/"

:Commands
[emptyflash]
[emptytemp][/code]
Click [b]Wykonaj skrypt[/b] (Run Fix). Confirm the computer restart.

[b]2.[/b] After the restart, launch OTL and press [b]Sprzątanie[/b] (CleanUp).

I think that's about it.

Gawron64

I did what was written in the post above. Is there anything else I should do? Should I post the OTL logs? Scan with MBAM? I would like to be sure that the system is clean and that nobody is spying on what I do on the laptop... If that is everything, thank you very much for the help and the expert advice :)

wirusolog

If you want, you can also post logs from [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/u][/color][/b][/url] + [url=http://www.hotfix.pl/instrukcja-obslugi-tdsskiller-a341.htm][b][color=blue][u]TDSSKiller[/u][/color][/b][/url].
OTL logs - don't post them / you can run an MBAM scan, although from my point of view it is [b]unnecessary[/b]
